List: activemq-dev
Subject: Re: CVE-2020-13947 - XSS in WebConsole
From: Jean-Baptiste Onofre <jb () nanthrax ! net>
Date: 2021-02-11 6:14:08
Message-ID: 4FD578AE-424E-46F4-82FC-8CAA6C25364D () nanthrax ! net
Update about this CVE.
The mitigation is to upgrade to at least Apache ActiveMQ 5.15.14 or 5.16.1.
> On 8 Feb 2021, at 06:24, Jean-Baptiste Onofre <jb@nanthrax.net> wrote:
>
> CVE-2020-13947 - XSS in WebConsole
>
> Severity: Medium
>
> Vendor:
> The Apache Software Foundation
>
> Versions Affected:
> Apache ActiveMQ prior to 5.15.12 and 5.16.0
>
> Description:
> An instance of a cross-site scripting
> vulnerability was identified to be present in the web based
> administration console on the message.jsp page of Apache ActiveMQ
> versions 5.15.12 to 5.16.0.
>
> Mitigation:
> Upgrade to at least Apache ActiveMQ 5.15.13 or 5.16.1
>
> Credit:
> This issue was discovered by:
>
> * qiang qiang <silbul2017@gmail.com>
>