artemis-plugin is vulnerable to cross-site scripting (XSS). The vulnerability exists because the values of destinationName, consumerId, consumer.connectionID, broker.brokerId, queueName, and addressName in js/brokerDiagram.js are not sanitized.
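
The pattern described above, as an added example that is not code from js/brokerDiagram.js or the Artemis project: broker-supplied values concatenated into markup, beside a version that HTML-encodes each value at the point of output. The table layout, the escapeHtml helper and the sample node are assumptions constructed for illustration; only the field names come from the advisory.

```javascript
// Added illustration; not the plugin's code. Field names are from the advisory,
// the row layout and helper names are assumptions.
const FIELDS = [
  "destinationName", "consumerId", "consumer.connectionID",
  "broker.brokerId", "queueName", "addressName",
];

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;", "`": "&#96;",
};

// Encode characters that can open a tag, end an attribute value, or start an entity.
function escapeHtml(value) {
  return String(value ?? "").replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Resolve dotted names such as "broker.brokerId" without throwing on missing parents.
function getPath(obj, path) {
  return path.split(".").reduce((o, k) => (o == null ? undefined : o[k]), obj);
}

// Build one table row per field that is present, passing each value through `encode`.
function rows(node, encode) {
  return FIELDS.map((f) => [f, getPath(node, f)])
    .filter(([, v]) => v !== undefined)
    .map(([f, v]) => `<tr><td>${f}</td><td>${encode(v)}</td></tr>`)
    .join("");
}

// Unsafe pattern: values reach the markup unchanged.
const renderPopupUnsafe = (node) => rows(node, String);
// Hardened pattern: every value is encoded before it is placed in the markup.
const renderPopupSafe = (node) => rows(node, escapeHtml);

// Constructed sample: names a client could choose, carrying markup characters.
const sampleNode = {
  queueName: '<img src=x onerror="alert(1)">',
  addressName: "orders & returns",
  consumerId: 7,
  broker: { brokerId: "b1'" },
};

console.log("unsafe:", renderPopupUnsafe(sampleNode));
console.log("safe:  ", renderPopupSafe(sampleNode));
```

The encoded output is only safe when inserted as element content; a value placed inside a script block, URL or event-handler attribute needs encoding for that context instead.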
activemq.apache.org/security-advisories.data/CVE-2020-13932-announcement.txt
github.com/apache/activemq-artemis/commit/a69b2aee7b63d4bcc90ad316ca7540c3d39eb012
lists.apache.org/thread.html/r7fcedcc89e5f296b174d6b8c1438c607c30d809c04292e5732d6e4eb@%3Cusers.activemq.apache.org%3E
lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E
lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088@%3Ccommits.activemq.apache.org%3E