CVE-2018-8006

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-8006
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-8006.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-8006
Aliases
Published
2018-10-10T14:29:00Z
Modified
2024-06-30T12:01:22Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.

References

Affected packages

Debian:11 / activemq

Package

Name
activemq
Purl
pkg:deb/debian/activemq?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.6-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / activemq

Package

Name
activemq
Purl
pkg:deb/debian/activemq?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.6-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / activemq

Package

Name
activemq
Purl
pkg:deb/debian/activemq?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.6-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/apache/activemq

Affected ranges

Type
GIT
Repo
https://github.com/apache/activemq
Events