GHSA-mxf7-pv8q-294h

Source

https://github.com/advisories/GHSA-mxf7-pv8q-294h

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mxf7-pv8q-294h/GHSA-mxf7-pv8q-294h.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-mxf7-pv8q-294h

Aliases

CVE-2010-0684

Published

2022-05-02T06:14:45Z

Modified

2024-12-07T05:31:09.651012Z

Summary

Cross-site scripting in Apache ActiveMQ

Details

Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.

Database specific

{
    "nvd_published_at": "2010-04-05T16:30:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-21T18:44:09Z"
}

References

Affected packages

Maven / org.apache.activemq:activemq-parent

Package

Name: org.apache.activemq:activemq-parent; View open source insights on deps.dev
Purl: pkg:maven/org.apache.activemq/activemq-parent

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.3.1

Affected versions

4.*

4.1.1

4.1.2

5.*

5.0.0

5.1.0

5.2.0

5.3.0