UBUNTU-CVE-2026-42253

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...

EUVD-2026-33578

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...

org.apache.activemq:activemq-osgi (>=6.0.0 <=6.2.3), org.apache.activemq:activemq-web-console (>=6.0.0 <=6.2.3) +2 more potentially affected by CVE-2026-41043 via org.apache.activemq:activemq-web (>=6.0.0 <=6.2.3)

org.apache.activemq:activemq-web MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.3 Source cves: CVE-2026-41043 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-16323116...

CVE-2026-41043

CVE-2026-41043 describes an XSS vulnerability in Apache ActiveMQ and Apache ActiveMQ Web. An authenticated attacker can cause the web console queues page to render HTML content by overriding the content type from XML to HTML and injecting HTML into a JMS selector field, leading to basic HTML/scri...

com.espertech:esperio-springjms (=9.0.0), org.apache.activemq.tooling:activemq-maven-plugin (>=6.0.0 <=6.2.3) +5 more potentially affected by CVE-2026-39304 via org.apache.activemq:activemq-all (>=6.0.0 <=6.2.3)

org.apache.activemq:activemq-all MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.3 Source cves: CVE-2026-39304 Source advisory: OSV:GHSA-5568-6QCG-G7FX...

org.apache.activemq:activemq-osgi (>=6.0.0 <=6.2.1), org.apache.activemq:activemq-web-console (>=6.0.0 <=6.2.1) +2 more potentially affected by CVE-2026-33227 via org.apache.activemq:activemq-web (>=6.0.0 <=6.2.1)

org.apache.activemq:activemq-web MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.1 Source cves: CVE-2026-33227 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-15930950...

com.espertech:esperio-springjms (=9.0.0), org.apache.activemq.tooling:activemq-maven-plugin (>=6.0.0 <=6.2.1) +5 more potentially affected by CVE-2026-33227 via org.apache.activemq:activemq-all (>=6.0.0 <=6.2.1)

org.apache.activemq:activemq-all MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.1 Source cves: CVE-2026-33227 Source advisory: OSV:GHSA-H2H4-5M64-M273...

Directory Traversal

Overview org.apache.activemq:activemq-web is a message broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a Stomp consumer and while browsing message...

org.apache.activemq:apache-activemq (>=5.0.0 <=5.19.6), org.apache.axis2:axis2-integration (=1.4) +4 more potentially affected by CVE-2010-1587 via org.apache.activemq:activemq-web-console (>=5.0.0 <=5.3.0)

org.apache.activemq:activemq-web-console MAVEN version =5.0.0, =5.0.0, =5.19.6 - org.apache.axis2:axis2-integration =1.4 - org.apache.camel:camel-example-cxf =1.3.0 - org.apache.camel:camel-example-jms-file =1.3.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 -...

org.apache.activemq:apache-activemq (>=5.0.0 <=5.15.11), org.apache.axis2:axis2-integration (=1.4) +3 more potentially affected by CVE-2020-1941 via org.apache.activemq:activemq-web-console (>=5.0.0 <=5.15.11)

org.apache.activemq:activemq-web-console MAVEN version =5.0.0, =5.0.0, =5.15.11 - org.apache.axis2:axis2-integration =1.4 - org.apache.camel:camel-example-cxf =1.3.0 - org.apache.camel:camel-example-jms-file =1.3.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2020-1941...

Cross-site Scripting (XSS)

activemq-web-console is vulnerable to cross-site scripting XSS. The vulnerability exists as the values of row.properties in browse.jsp is not properly validated, allowing a remote attacker to inject and execute arbitrary Javascript into a user's browser via the affected parameters...

Cross-Site Scripting (XSS)

activemq-web-console is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via the listing of queue contents in the admin GUI...