oss-sec mailing list archives
CVE-2022-35278: Apache ActiveMQ Artemis: HTML Injection in ActiveMQ Artemis Web Console
From: Justin Bertram <jbertram () apache org>
Date: Wed, 17 Aug 2022 15:42:09 -0500
Description: An attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue. Mitigation: Upgrade to Apache ActiveMQ Artemis 2.24.0. Credit: Apache ActiveMQ would like to thank Yash Pandya (Digital14), Rajatkumar Karmarkar (Digital14), and Likhith Cheekatipalle (Digital14) for reporting this issue.
Current thread:
- CVE-2022-35278: Apache ActiveMQ Artemis: HTML Injection in ActiveMQ Artemis Web Console Justin Bertram (Aug 18)