Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.7 views

CVE-2026-42253

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...

6.1CVSS5.4AI score0.01107EPSS
Exploits1References1
OSV
OSV
added 2026/05/03 9:55 a.m.6 views

OESA-2026-2125 activemq security update

The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: 'Severity: low \n\nAffected versions:\n\n- Apache ActiveMQ Client org.apache.activemq:activemq-client before 5.19.3\n- Apache ActiveMQ Client org.apache.activemq:activemq-client 6.0.0 before...

8.8CVSS6.4AI score0.96666EPSS
Exploits13References8
Cvelist
Cvelist
added 2026/04/24 10:16 a.m.35 views

CVE-2026-41043 Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML instead of XML and by injecting...

0.0056EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.8 views

PT-2026-34871

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.6 Apache ActiveMQ versions 6.0.0 through 6.2.4 Apache ActiveMQ Web versions prior to 5.19.6 Apache ActiveMQ Web versions 6.0.0 through 6.2.4 Description An authenticated attacker can display malicious...

6.5CVSS6AI score0.0056EPSS
Exploits0References29
Rows per page
Query Builder