Posted to users@activemq.apache.org by Jean-Baptiste Onofre <jb...@nanthrax.net> on 2021/02/08 05:24:28 UTC
CVE-2020-13947 - XSS in WebConsole
CVE-2020-13947 - XSS in WebConsole
Severity: Medium
Vendor:
The Apache Software Foundation
Versions Affected:
Apache ActiveMQ prior to 5.15.12 and 5.16.0
Description:
An instance of a cross-site scripting
vulnerability was identified to be present in the web based
administration console on the message.jsp page of Apache ActiveMQ
versions 5.15.12 to 5.16.0.
Mitigation:
Upgrade to at least Apache ActiveMQ 5.15.13 or 5.16.1
Credit:
This issue was discovered by:
* qiang qiang <si...@gmail.com>
Re: CVE-2020-13947 - XSS in WebConsole
Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
Update about this CVE.
The mitigation is to upgrade to at least Apache ActiveMQ 5.15.14 or 5.16.1.
> On 8 Feb 2021, at 06:24, Jean-Baptiste Onofre <jb...@nanthrax.net> wrote:
>
> CVE-2020-13947 - XSS in WebConsole
>
> Severity: Medium
>
> Vendor:
> The Apache Software Foundation
>
> Versions Affected:
> Apache ActiveMQ prior to 5.15.12 and 5.16.0
>
> Description:
> An instance of a cross-site scripting
> vulnerability was identified to be present in the web based
> administration console on the message.jsp page of Apache ActiveMQ
> versions 5.15.12 to 5.16.0.
>
> Mitigation:
> Upgrade to at least Apache ActiveMQ 5.15.13 or 5.16.1
>
> Credit:
> This issue was discovered by:
>
> * qiang qiang <si...@gmail.com>
>