Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21676
HistoryApr 17, 2009 - 12:00 a.m.

DDIVRT-2009-23 Apache ActiveMQ Numerous Cross Site Scripting Issues

2009-04-1700:00:00
vulners.com
16
JSON

Title

DDIVRT-2009-23 Apache ActiveMQ Numerous Cross Site Scripting Issues

Severity

Low

Date Discovered

February 23rd, 2009

Discovered By

Digital Defense, Inc. Vulnerability Research Team
Credit: David Marshall and r@b13$

Vulnerability Description

ActiveMQ 5.2.0’s /admin interface gathers input from the user in numerous forms which are not properly sanitized.
Attackers may insert script tags to have them execute when a user browses the affected areas of the page.

Solution Description

User-supplied inputs should not be rendered as executable script code when presented back to the user.

Tested Systems / Software (with versions)

Windows XP SP3, ActiveMQ 5.2.0 Release Windows Binary

Vendor Contact

Vendor Name: The Apache Software Foundation
Vendor Website: http://activemq.apache.org/

JSON