Lucene search
K

4 matches found

CVE
CVE
added 2026/06/01 7:23 a.m.65 views

CVE-2026-42253

CVE-2026-42253 affects Apache ActiveMQ and Apache ActiveMQ Web. The vulnerability arises in the MessageServlet of the web console API, which copies every JMS message property into HTTP response headers without validation, enabling potential HTTP header injection and cross-site scripting via JMS m...

6.1CVSS5.8AI score0.01107EPSS
Web
CVE
CVE
added 2026/04/07 7:50 a.m.38 views

CVE-2026-33227

CVE-2026-33227 affects Apache ActiveMQ family (Client, Broker, All, Web) via an improper validation and restriction of classpath path name. In two contexts (creating a Stomp consumer and browsing Web console messages), an authenticated user could craft a key to traverse the classpath due to path ...

4.3CVSS5.8AI score0.00419EPSS
CVE
CVE
added 2026/06/30 9:50 a.m.25 views

CVE-2026-52760

CVE-2026-52760 is a Cross-site Scripting vulnerability in Apache ActiveMQ and its Web Console. The issue arises because the browse page renders a JMS message ID directly without sanitization, enabling an authenticated producer to send a crafted message ID that contains HTML/JavaScript, which will...

6.1CVSS5.7AI score0.00667EPSS
CVE
CVE
added 2026/04/24 10:16 a.m.22 views

CVE-2026-41043

CVE-2026-41043 describes an XSS vulnerability in Apache ActiveMQ and Apache ActiveMQ Web. An authenticated attacker can cause the web console queues page to render HTML content by overriding the content type from XML to HTML and injecting HTML into a JMS selector field, leading to basic HTML/scri...

6.5CVSS5.3AI score0.0056EPSS