CVE-2020-13932

Severity: 6.1 MEDIUM
EPSS: 2.6% (top 14.51%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jul 20
Latest update: Feb 9

Description

In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet that carries an XSS payload as its client-id or topic name can exploit this vulnerability. The payload is injected into the admin console and executes in the administrator's browser; it is triggered in the diagram plugin, in the queue node and in the info section.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (3 packages)

Source     | Package                                | Affected range
Maven      | org.apache.activemq:apache-artemis     | introduced 2.5.0, fixed 2.14.0
NVD        | apache/activemq_artemis                | 2.5.0 to 2.13.0
CVEListV5  | apache_activemq_artemis                | Apache ActiveMQ Artemis 2.5.0 to 2.13.0

Vulnerability Details (3)

OSV: Cross-site Scripting (XSS) in Apache ActiveMQ Artemis (2022-02-09)
GHSA: Cross-site Scripting (XSS) in Apache ActiveMQ Artemis (2022-02-09)
CVEList: CVE-2020-13932: In Apache ActiveMQ Artemis 2 (2020-07-20)

Vendor Advisories (1)

Red Hat: activemq: remote XSS in web console diagram plugin (2020-07-20)

Community (1)

Bugzilla: CVE-2020-13932 activemq: remote XSS in web console diagram plugin (2020-07-20)

Source: cvebase.io, CVE-2020-13932 (MEDIUM, CVSS 6.1)