CVE-2016-0782

CWE-79 — Cross-site Scripting (XSS)9 documents7 sources

Severity

5.4MEDIUM

EPSS

1.2%

top 21.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Activemq

Timeline

PublishedAug 5

Latest updateMay 14

Description

The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶Mavenorg.apache.activemq:activemq-client5.0.0 — 5.11.4+2

▶NVDapache/activemq28 versions+27

▶Debianactivemq< 5.13.2+dfsg-1+2

🔴Vulnerability Details

OSV

Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ↗2022-05-14

▶

GHSA

Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ↗2022-05-14

▶

CVEList

CVE-2016-0782: The administration web console in Apache ActiveMQ 5↗2016-08-05

▶

OSV

CVE-2016-0782: The administration web console in Apache ActiveMQ 5↗2016-08-05

▶

📋Vendor Advisories

Red Hat

activemq: Cross-site scripting vulnerabilities in web console↗2016-03-10

▶

Debian

CVE-2016-0782: activemq - The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x befo...↗2016

▶

💬Community

Bugzilla

CVE-2016-0782 activemq: Cross-site scripting vulnerabilities in web console↗2016-03-14

▶

Bugzilla

CVE-2016-0734 CVE-2016-0782 activemq: various flaws [fedora-all]↗2016-03-14

▶