CVE-2020-13947

6.1MEDIUM

Key Information:

Vendor: Apache
Status: Apache ActiveMQ
Vendor: CVE Published:; 8 February 2021

Summary

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.

Affected Version(s)

Apache ActiveMQ Apache ActiveMQ version prior to 5.15.13 and 5.16.1

References

http://activemq.apache.org/security-advisories.data/CVE-2...

x_refsource_MISC

https://lists.apache.org/thread.html/r021c490028f61c8b6f7...

mailing-listx_refsource_MLIST

https://lists.apache.org/thread.html/ra66791f1f2b59fa651a...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 8, 2021
Vulnerability Reserved
Jun 8, 2020