CVE-2022-35278

Опубликовано: 18 авг. 2022

Источник: redhat

CVSS3: 6.1

EPSS Низкий

Описание

In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.

A security vulnerability was found in ActiveMQ Artemis. This flaw allows an attacker to show malicious content and redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Fuse 7	artemis-plugin	Not affected
AMQ Broker 7.10.1	artemis-plugin	Fixed	RHSA-2022:6916	12.10.2022
Red Hat AMQ 7.8.7	artemis-plugin	Fixed	RHSA-2022:6292	01.09.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-74

https://bugzilla.redhat.com/show_bug.cgi?id=2109805activemq-artemis: AMQ Broker web console HTML Injection

EPSS

Процентиль: 92%

0.07498

Низкий

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2022-35278

CVSS3: 6.1

ubuntu

больше 3 лет назад

In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.

CVE-2022-35278

CVSS3: 6.1

nvd

больше 3 лет назад

In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.

GHSA-cv6r-h2fm-pvrp

CVSS3: 6.1

github

больше 3 лет назад

HTML Injection in ActiveMQ Artemis Web Console

EPSS

Процентиль: 92%

0.07498

Низкий

6.1 Medium

CVSS3