CVE-2020-1941 – org.apache.activemq:activemq-web-console

Package

Manager: maven
Name: org.apache.activemq:activemq-web-console
Vulnerable Version: >=5.0.0 <5.15.12

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

EPSS: 0.04424 pctl0.88604

Details

Apache ActiveMQ webconsole admin GUI is open to XSS In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

Metadata

Created: 2020-05-21T21:08:56Z
Modified: 2024-03-14T21:33:59Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/05/GHSA-cc94-3v9c-7rm8/GHSA-cc94-3v9c-7rm8.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-cc94-3v9c-7rm8
Finding: F008
Auto approve: 1