Description
In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info section.
A flaw was found in activemq. A specifically crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info section.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| JBoss Developer Studio 11 | activemq | Out of support scope | | |
| Red Hat CodeReady Studio 12 | activemq | Not affected | | |
| Red Hat Decision Manager 7 | activemq-artemis | Not affected | | |
| Red Hat Fuse 7 | activemq | Not affected | | |
| Red Hat JBoss A-MQ 6 | activemq | Out of support scope | | |
| Red Hat JBoss Data Grid 7 | activemq-artemis | Out of support scope | | |
| Red Hat JBoss Enterprise Application Platform 7 | activemq-artemis | Not affected | | |
| Red Hat JBoss Enterprise Application Platform Continuous Delivery | activemq-artemis | Not affected | | |
| Red Hat JBoss Fuse 6 | activemq | Out of support scope | | |
| Red Hat JBoss Fuse Service Works 6 | activemq | Out of support scope | | |
Additional information
Status:
EPSS
CVSS3: 6.5 Medium
Related vulnerabilities
In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info section.
Cross-site Scripting (XSS) in Apache ActiveMQ Artemis