HTML Injection in ActiveMQ Artemis Web Console

GHSA-cv6r-h2fm-pvrp · CVE-2022-35278

Published Aug 24, 2022 · Modified Feb 16, 2024

Description

In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-35278
WEB https://lists.apache.org/thread/bh6y81wtotg75337bpvxcjy436zfgf3n
WEB https://security.netapp.com/advisory/ntap-20221209-0005

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes