CVE-2020-13947

CWE-79 — Cross-site Scripting (XSS)8 documents6 sources

Severity

6.1MEDIUM

EPSS

4.0%

top 11.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Activemq Oracle Communications Session Report Manager Oracle Communications Session Route Manager

Timeline

PublishedFeb 8

Latest updateJan 17

Description

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages6 packages

▶NVDapache/activemq5.16.0 — 5.16.1+1

▶Mavenorg.apache.activemq:activemq-parent5.16.0 — 5.16.1+1

▶CVEListV5apache_activemqApache ActiveMQ version prior to 5.15.13 and 5.16.1

▶Debianactivemq< 5.16.1-1+2

▶NVDoracle/communications_session_route_manager8.0.0 — 8.2.2

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

Cross-site scripting (XSS) in Apache ActiveMQ↗2022-02-09

▶

OSV

Cross-site scripting (XSS) in Apache ActiveMQ↗2022-02-09

▶

CVEList

CVE-2020-13947: An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message↗2021-02-08

▶

OSV

CVE-2020-13947: An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message↗2021-02-08

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Apache ActiveMQ Web Console message jsp Cross-Site Scripting (CVE-2020-13947) M1↗2025-01-17

▶

Suricata

ET WEB_SPECIFIC_APPS Apache ActiveMQ Web Console message jsp Cross-Site Scripting (CVE-2020-13947) M2↗2025-01-17

▶

📋Vendor Advisories

Debian

CVE-2020-13947: activemq - An instance of a cross-site scripting vulnerability was identified to be present...↗2020

▶