CVE-2016-6810

CWE-79 — Cross-site Scripting (XSS)CWE-20 — Improper Input Validation9 documents7 sources

Severity

6.1MEDIUM

EPSS

2.1%

top 15.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Activemq Apache Software Foundation Apache Activemq

Timeline

PublishedJan 10

Latest updateMay 14

Description

In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶NVDapache/activemq5.0.0 — 5.14.2

▶Mavenorg.apache.activemq:activemq-client5.0.0 — 5.14.2

▶CVEListV5apache_software_foundation/apache_activemq5.0.0 to 5.14.1

▶Debianactivemq< 5.14.2+dfsg-1+2

🔴Vulnerability Details

GHSA

Improper Neutralization of Input During Web Page Generation Apache ActiveMQ↗2022-05-14

▶

OSV

Improper Neutralization of Input During Web Page Generation Apache ActiveMQ↗2022-05-14

▶

OSV

CVE-2016-6810: In Apache ActiveMQ 5↗2018-01-10

▶

CVEList

CVE-2016-6810: In Apache ActiveMQ 5↗2018-01-10

▶

📋Vendor Advisories

Red Hat

activemq: Cross-site scripting in web based administration console↗2016-12-09

▶

Debian

CVE-2016-6810: activemq - In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vuln...↗2016

▶

💬Community

Bugzilla

CVE-2016-6810 activemq: Cross-site scripting in web based administration console↗2016-12-14

▶

Bugzilla

CVE-2016-6810 activemq: Cross-site scripting in web based administration console [fedora-all]↗2016-12-14

▶