In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Nov 2023, 03:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
05 Oct 2022, 20:54
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Third Party Advisory |
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Feb 2021, 16:21
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E - Mailing List, Patch, Vendor Advisory |
08 Feb 2021, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Jan 2021, 18:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* |
|
References | (MLIST) https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a@%3Ccommits.activemq.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujul2020.html - Third Party Advisory |
27 Jan 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-05-14 17:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-1941
Mitre link : CVE-2020-1941
CVE.ORG link : CVE-2020-1941
JSON object : View
Products Affected
oracle
- communications_diameter_signaling_router
- flexcube_private_banking
- communications_session_report_manager
- enterprise_repository
- communications_element_manager
- communications_session_route_manager
apache
- activemq
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')