CVE-2018-8006 – org.apache.activemq:activemq-web-console

Package

Manager: maven
Name: org.apache.activemq:activemq-web-console
Vulnerable Version: >=5.0.0 <5.15.6

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

EPSS: 0.80812 pctl0.99111

Details

Apache ActiveMQ web console vulnerable to Cross-site Scripting An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.

Metadata

Created: 2018-10-30T20:48:58Z
Modified: 2024-03-14T22:11:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-hvwm-2624-rp9x/GHSA-hvwm-2624-rp9x.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-hvwm-2624-rp9x
Finding: F008
Auto approve: 1