
List:       oss-security
Subject:    [oss-security] [CVE-2020-1941] XSS in ActiveMQ WebConsole
From:       Jean-Baptiste Onofre <jb () nanthrax ! net>
Date:       2020-05-14 5:25:05
Message-ID: DC7932BA-215B-48C8-844E-5EFC06EE609C () nanthrax ! net


CVE-2020-1941 - XSS in WebConsole

Severity: Medium

Vendor:
The Apache Software Foundation

Versions Affected:
Apache ActiveMQ 5.0.0 - 5.15.11

Description:
The webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

Mitigation:
Upgrade to Apache ActiveMQ 5.15.12. 

Credit:
This issue was discovered by:

* Przemysław Kowalski <przemyslawk@stmsolutions.pl>


