CVE-2015-0862

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2015-0862

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2015-0862.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2015-0862

Related

Published

2015-01-18T18:59:01Z

Modified

2025-04-12T10:46:40Z

Downstream

openSUSE-SU-2024:10370-1

Summary

[none]

Details

Multiple cross-site scripting (XSS) vulnerabilities in the management web UI in the RabbitMQ management plugin before 3.4.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) message details when a message is unqueued, such as headers or arguments; (2) policy names, which are not properly handled when viewing policies; (3) details for AMQP network clients, such as the version; allow remote authenticated administrators to inject arbitrary web script or HTML via (4) user names, (5) the cluster name; or allow RabbitMQ cluster administrators to (6) modify unspecified content.

References

Affected packages

Debian:11 / rabbitmq-server

Package

Name: rabbitmq-server
Purl: pkg:deb/debian/rabbitmq-server?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / rabbitmq-server

Package

Name: rabbitmq-server
Purl: pkg:deb/debian/rabbitmq-server?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / rabbitmq-server

Package

Name: rabbitmq-server
Purl: pkg:deb/debian/rabbitmq-server?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}