CVE-2022-35278Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Apache Activemq Artemis

CWE-80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)CWE-79Cross-site ScriptingCWE-74Injection6 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
7.9%
top 7.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Activemq ArtemisApache Software Foundation Apache Activemq Artemis
Timeline
PublishedAug 23
Latest updateAug 24

Description

In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5apache_software_foundation/apache_activemq_artemisunspecified2.23.1

🔴Vulnerability Details

4
GHSA
HTML Injection in ActiveMQ Artemis Web Console2022-08-24
OSV
HTML Injection in ActiveMQ Artemis Web Console2022-08-24
CVEList
HTML Injection in ActiveMQ Artemis Web Console2022-08-23
OSV
CVE-2022-35278: In Apache ActiveMQ Artemis prior to 22022-08-23

📋Vendor Advisories

1
Red Hat
activemq-artemis: AMQ Broker web console HTML Injection2022-08-18
CVE-2022-35278 — Apache Activemq Artemis vulnerability | cvebase