CVE-2014-9649
Severity
4.3MEDIUM
EPSS
0.3%
top 47.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 27
Latest updateMay 13
Description
Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message.
CVSS vector
AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9
Affected Packages2 packages
๐ดVulnerability Details
3GHSAโถ
GHSA-3ppr-6h5r-qm4p: Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2โ2022-05-13
CVEListโถ
CVE-2014-9649: Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2โ2015-01-27
OSVโถ
CVE-2014-9649: Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2โ2015-01-27