GHSA-cc94-3v9c-7rm8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-cc94-3v9c-7rm8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/05/GHSA-cc94-3v9c-7rm8/GHSA-cc94-3v9c-7rm8.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-cc94-3v9c-7rm8
- Aliases
- Published
- 2020-05-21T21:08:56Z
- Modified
- 2024-03-14T21:50:10.151916Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Apache ActiveMQ webconsole admin GUI is open to XSS
- Details
-
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
- Database specific
{ "github_reviewed": true, "nvd_published_at": "2020-05-14T17:15:00Z", "github_reviewed_at": "2020-05-21T17:36:06Z", "severity": "MODERATE", "cwe_ids": [ "CWE-79" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-1941
- https://github.com/apache/activemq/commit/7793a95
- https://github.com/apache/activemq/commit/81bd743eaa243f0cc5dfbb1342cee1fef1fc5df2
- https://github.com/apache/activemq/commit/c0e17a3
- https://github.com/apache/activemq
- https://issues.apache.org/jira/browse/AMQ-7231
- https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E
- https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E
- https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a@%3Ccommits.activemq.apache.org%3E
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt
Affected packages
Maven / org.apache.activemq:activemq-web-console
Package
- Name
- org.apache.activemq:activemq-web-console
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.activemq/activemq-web-console
Affected versions
5.*
5.0.0
5.1.0
5.2.0
5.3.0
5.3.1
5.3.2
5.4.0
5.4.1
5.4.2
5.4.3
5.5.0
5.5.1
5.6.0
5.7.0
5.8.0
5.9.0
5.9.1
5.10.0
5.10.1
5.10.2
5.11.0
5.11.1
5.11.2
5.11.3
5.11.4
5.12.0
5.12.1
5.12.2
5.12.3
5.13.0
5.13.1
5.13.2
5.13.3
5.13.4
5.13.5
5.14.0
5.14.1
5.14.2
5.14.3
5.14.4
5.14.5
5.15.0
5.15.1
5.15.2
5.15.3
5.15.4
5.15.5
5.15.6
5.15.7
5.15.8
5.15.9
5.15.10
5.15.11