Veracode Vulnerability DatabaseVERACODE:25929Cross-site Scripting (XSS)
EPSS
Percentile
77.4%
artemis-plugin is vulnerable to cross-site scripting (XSS). The vulnerability exists as the values of destinationName, consumerId, consumer.connectionID, broker.brokerId, queueName, addressName in js/brokerDiagram.js is not sanitized.
References
activemq.apache.org/security-advisories.data/CVE-2020-13932-announcement.txt
github.com/apache/activemq-artemis/commit/a69b2aee7b63d4bcc90ad316ca7540c3d39eb012
lists.apache.org/thread.html/r7fcedcc89e5f296b174d6b8c1438c607c30d809c04292e5732d6e4eb@%3Cusers.activemq.apache.org%3E
lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E
lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088@%3Ccommits.activemq.apache.org%3E
Related
