CVE-2018-8006
published 2018-10-10CVE-2018-8006: An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | activemq | >= 0 < 5.15.6-1 | 5.15.6-1 |
| apache | activemq | >= 0 < 5.15.6-1 | 5.15.6-1 |
| apache | activemq | >= 0 < 5.15.6-1 | 5.15.6-1 |
| apache | activemq | 5.0.0 – 5.15.5 | — |
| apache_software_foundation | apache_activemq | — | — |
| debian | activemq | < activemq 5.15.6-1 (bookworm) | activemq 5.15.6-1 (bookworm) |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv6.1MEDIUM
vulncheck6.1MEDIUM