Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-8006

Severity: 6.1 MEDIUM
EPSS: 79.9% (top 0.90%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: published Oct 10, latest update Oct 30

Description

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (4 packages)

NVD: apache/activemq, 5.0.0 to 5.15.5
Debian: activemq, < 5.15.6-1 (+2)

🔴 Vulnerability Details (5)

GHSA: Apache ActiveMQ web console vulnerable to Cross-site Scripting (2018-10-30)
OSV: Apache ActiveMQ web console vulnerable to Cross-site Scripting (2018-10-30)
OSV: CVE-2018-8006: An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue (2018-10-10)
CVEList: CVE-2018-8006: An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue (2018-10-10)
VulnCheck: Apache ActiveMQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (2018)

💥 Exploits & PoCs (1)

Nuclei: Apache ActiveMQ <=5.15.5 - Cross-Site Scripting

📋 Vendor Advisories (2)

Red Hat: activemq: Cross-site scripting (XSS) via QueueFilter parameter (2018-08-24)
Debian: CVE-2018-8006: activemq - An instance of a cross-site scripting vulnerability was identified to be present... (2018)

💬 Community (2)

Bugzilla: CVE-2018-8006 activemq: Cross-site scripting (XSS) via QueueFilter parameter (2018-08-28)
Bugzilla: CVE-2018-8006 activemq: Cross-site scripting (XSS) via QueueFilter parameter [fedora-all] (2018-08-28)