CVE-2014-8110 — Cross-site Scripting in Apache Activemq

CWE-79 — Cross-site Scripting6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

3.9%

top 11.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Activemq

Timeline

PublishedFeb 12

Latest updateMay 14

Description

Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/activemq18 versions+17

🔴Vulnerability Details

GHSA

Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ↗2022-05-14

▶

OSV

Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ↗2022-05-14

▶

CVEList

CVE-2014-8110: Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5↗2015-02-12

▶

📋Vendor Advisories

Debian

CVE-2014-8110: activemq - Multiple cross-site scripting (XSS) vulnerabilities in the web based administrat...↗2014

▶

💬Community

Bugzilla

CVE-2014-8110 Apache ActiveMQ: various flaws, XSS, XXE, LDAP wildcard interpretation↗2014-12-17

▶