It was found that the JBoss A-MQ console would accept a string containing JavaScript as the name of a new message queue Execution of the UI would subsequently execute the script An attacker could use this flaw to access sensitive information or perform other attacks ...