Posted to users@activemq.apache.org by Jean-Baptiste Onofre <jb...@nanthrax.net> on 2021/02/08 05:24:28 UTC

CVE-2020-13947 - XSS in WebConsole

CVE-2020-13947 - XSS in WebConsole

Severity: Medium

Vendor:
The Apache Software Foundation

Versions Affected:
Apache ActiveMQ prior to 5.15.12 and 5.16.0

Description:
An instance of a cross-site scripting
vulnerability was identified to be present in the web based
administration console on the message.jsp page of Apache ActiveMQ
versions 5.15.12 to 5.16.0.

Mitigation:
Upgrade to at least Apache ActiveMQ 5.15.13 or 5.16.1

Credit:
This issue was discovered by:

* qiang qiang <si...@gmail.com>


Re: CVE-2020-13947 - XSS in WebConsole

Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
Update about this CVE.

The mitigation is to upgrade to at least Apache ActiveMQ 5.15.14 or 5.16.1.

> On 8 Feb 2021 at 06:24, Jean-Baptiste Onofre <jb...@nanthrax.net> wrote:
> 
> CVE-2020-13947 - XSS in WebConsole
> 
> Severity: Medium
> 
> Vendor:
> The Apache Software Foundation
> 
> Versions Affected:
> Apache ActiveMQ prior to 5.15.12 and 5.16.0
> 
> Description:
> An instance of a cross-site scripting
> vulnerability was identified to be present in the web based
> administration console on the message.jsp page of Apache ActiveMQ
> versions 5.15.12 to 5.16.0.
> 
> Mitigation:
> Upgrade to at least Apache ActiveMQ 5.15.13 or 5.16.1
> 
> Credit:
> This issue was discovered by:
> 
> * qiang qiang <si...@gmail.com>
> 