Количество 10
Количество 10
BDU:2025-04152
Уязвимость брокера сообщений RabbitMQ, связанная с непринятием мер по нейтрализации script-related тэгов html на веб-странице, позволяющая нарушителю оказать воздействие на целостность данных
CVE-2021-32718
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring.
CVE-2021-32718
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring.
CVE-2021-32718
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring.
CVE-2021-32718
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...
openSUSE-SU-2021:3325-1
Security update for rabbitmq-server
openSUSE-SU-2021:1334-1
Security update for rabbitmq-server
SUSE-SU-2021:3325-1
Security update for rabbitmq-server
SUSE-SU-2021:3254-1
Security update for rabbitmq-server
SUSE-FU-2024:2078-1
Feature update for rabbitmq-server313, erlang26, elixir115
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2025-04152 Уязвимость брокера сообщений RabbitMQ, связанная с непринятием мер по нейтрализации script-related тэгов html на веб-странице, позволяющая нарушителю оказать воздействие на целостность данных | CVSS3: 3.1 | 0% Низкий | больше 4 лет назад |
 | CVE-2021-32718 RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring. | CVSS3: 3.1 | 0% Низкий | больше 4 лет назад |
 | CVE-2021-32718 RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring. | CVSS3: 5.4 | 0% Низкий | почти 5 лет назад |
 | CVE-2021-32718 RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring. | CVSS3: 3.1 | 0% Низкий | больше 4 лет назад |
| CVE-2021-32718 RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ... | CVSS3: 3.1 | 0% Низкий | больше 4 лет назад |
 | openSUSE-SU-2021:3325-1 Security update for rabbitmq-server | больше 4 лет назад | ||
| openSUSE-SU-2021:1334-1 Security update for rabbitmq-server | больше 4 лет назад | ||
| SUSE-SU-2021:3325-1 Security update for rabbitmq-server | больше 4 лет назад | ||
| SUSE-SU-2021:3254-1 Security update for rabbitmq-server | больше 4 лет назад | ||
| SUSE-FU-2024:2078-1 Feature update for rabbitmq-server313, erlang26, elixir115 | больше 1 года назад |
Уязвимостей на страницу