In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
{ "severity": "Medium", "cpes": [ "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*" ] }