4 matches found
CVE-2026-42253
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...
OESA-2026-2125 activemq security update
The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: 'Severity: low \n\nAffected versions:\n\n- Apache ActiveMQ Client org.apache.activemq:activemq-client before 5.19.3\n- Apache ActiveMQ Client org.apache.activemq:activemq-client 6.0.0 before...
CVE-2026-41043 Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML instead of XML and by injecting...
PT-2026-34871
Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.6 Apache ActiveMQ versions 6.0.0 through 6.2.4 Apache ActiveMQ Web versions prior to 5.19.6 Apache ActiveMQ Web versions 6.0.0 through 6.2.4 Description An authenticated attacker can display malicious...