CVE-2022-35278

Summary

In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache ActiveMQ Artemisunspecified <= 2.23.1affected

Weaknesses

  • CWE-80: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Workarounds

Upgrade to Apache ActiveMQ Artemis 2.24.0.

ADP Enrichment

CVE Program Container

Additional References

References