Cross-Site Scripting Vulnerability in Apache ActiveMQ Web Console
CVE-2018-8006

6.1MEDIUM

Key Information:

Vendor
Apache
Status
Apache ActiveMQ
Vendor
CVE Published:
10 October 2018

Summary

A cross-site scripting (XSS) vulnerability exists in the web-based administration console of Apache ActiveMQ, particularly in the queue.jsp page. This security flaw is due to improper data filtering of the QueueFilter parameter, potentially allowing an attacker to inject malicious scripts into web pages viewed by other users. Successful exploitation could lead to unauthorized actions or data exposure, making it essential for administrators to implement security measures and upgrade to fixed versions to safeguard against potential attacks.

Affected Version(s)

Apache ActiveMQ 5.0.0 to 5.15.5

References

http://activemq.apache.org/security-advisories.data/CVE-2...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/105156
vdb-entryx_refsource_BID
https://lists.apache.org/thread.html/2b5c0039197a4949f29e...
mailing-listx_refsource_MLIST

EPSS Score

88% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.