Details
Description
GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E
This GET request creates a queue name that has malformed queue name due to lack of input validation. After sending this request a sample of the effect can be seen by browsing to /queues.jsp and clicking on the "Home" link.
I do not know the affected version information yet. Is there some way I can find it?
Additionally, this is vulnerable to cross-site request forgery as well but XSS is a more critical bug than XSRF (at least at this point for me I guess).
CVE Identifier issued for this:
CVE-2010-0684