<!--X-Body-Begin-->
<!--X-User-Header-->
oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
By Date
By Thread
</form>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
CVE-2020-13947 - XSS in Apache ActiveMQ WebConsole
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: Jean-Baptiste Onofre <jb () nanthrax net>
Date: Mon, 8 Feb 2021 06:25:40 +0100
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
CVE-2020-13947 - XSS in WebConsole
Severity: Medium
Vendor:
The Apache Software Foundation
Versions Affected:
Apache ActiveMQ prior to 5.15.12 and 5.16.0
Description:
An instance of a cross-site scripting
vulnerability was identified to be present in the web based
administration console on the message.jsp page of Apache ActiveMQ
versions 5.15.12 to 5.16.0.
Mitigation:
Upgrade to at least Apache ActiveMQ 5.15.13 or 5.16.1
Credit:
This issue was discovery by:
* qiang qiang <silbul2017 () gmail com>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
By Date
By Thread
Current thread:
CVE-2020-13947 - XSS in Apache ActiveMQ WebConsole Jean-Baptiste Onofre (Feb 07)
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->