GitHub Advisory DatabaseGHSA-9CVR-8XQ4-2M73Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.007 Low
EPSS
Percentile
80.4%
Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.apache.activemq:activemq-client | lt | 5.10.1 |
References
activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt
seclists.org/oss-sec/2015/q1/427
exchange.xforce.ibmcloud.com/vulnerabilities/100724
github.com/advisories/GHSA-9cvr-8xq4-2m73
github.com/apache/activemq/commit/994d9b26
github.com/apache/activemq/commit/f8b3de86d8154db5680433e46734b2bd9ced852b
issues.apache.org/jira/browse/AMQ-5033
lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2014-8110
web.archive.org/web/20161110092459/secunia.com/advisories/62649
web.archive.org/web/20200228044455/www.securityfocus.com/bid/72511
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.007 Low
EPSS
Percentile
80.4%