Lucene search
K

9 matches found

OSV
OSV
added 2026/06/24 1:12 p.m.5 views

OESA-2026-2725 activemq security update

The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies...

8.8CVSS6.5AI score0.01107EPSS
Exploits2References7
OSV
OSV
added 2026/06/24 1:12 p.m.4 views

OESA-2026-2724 activemq security update

The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies...

8.8CVSS6.5AI score0.01107EPSS
Exploits2References7
OSV
OSV
added 2026/06/05 5:38 a.m.13 views

BIT-ACTIVEMQ-2026-42253 Apache ActiveMQ, Apache ActiveMQ Web: HTTP Response Header Injection via JMS Message Properties

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...

6.1CVSS5.4AI score0.01107EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/01 10:29 a.m.8 views

Cross-site Scripting (XSS)

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the MessageServlet component. An attacker can inject arbitrary HTTP response headers by setting malicious JMS message...

6.1CVSS5.5AI score0.01107EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/01 10:29 a.m.8 views

Cross-site Scripting (XSS)

Overview org.apache.activemq:activemq-web is a message broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the MessageServlet component. An attacker can inject arbitrary HTTP response headers by setting malicious JMS message...

6.1CVSS5.5AI score0.01107EPSS
Exploits1References2
NVD
NVD
added 2026/06/01 9:16 a.m.19 views

CVE-2026-42253

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...

6.1CVSS0.01107EPSS
Exploits1References2
OSV
OSV
added 2026/06/01 9:16 a.m.24 views

UBUNTU-CVE-2026-42253

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...

6.1CVSS5.8AI score0.01107EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/01 7:23 a.m.38 views

CVE-2026-42253 Apache ActiveMQ, Apache ActiveMQ Web: HTTP Response Header Injection via JMS Message Properties

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...

0.01107EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.14 views

Apache ActiveMQ 安全漏洞

Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. There is a security vulnerability in Apache ActiveMQ. This vulnerability stems from the MessageServlet in the web...

6.1CVSS5.3AI score0.01107EPSS
Exploits1References2
Rows per page
Query Builder