[AMQ-2714] Apache ActiveMQ is prone to XSS Vulnerability - ASF JIRA

Agile Board

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 5.3.0, 5.3.1
Fix Version/s: 5.4.0
Component/s: None
Labels:
None
Environment:

Windows XP

Description

Cross-Site Scripting Vulnerability exists in Apache ActiveMQ.
Example: http://localhost:8161/admin/queueBrowse/example.A?view=rss&feedType=<script>alert("ACTIVEMQ")</script>

Tested on 5.3.1 and 5.3.0 versions.

Attachments

AMQ-2714.zip
27/Apr/10 12:45
5 kB
Dejan Bosanac
AMQ_XSS.doc
26/Apr/10 21:48
68 kB
Arun

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Dejan Bosanac

Reporter:: Arun

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 26/Apr/10 21:09

Updated:: 27/Apr/10 17:24

Resolved:: 27/Apr/10 12:44

Agile

View on Board

Apache ActiveMQ is prone to XSS Vulnerability

Details

Description

Attachments

Attachments

Activity

People

Dates

Agile

Slack

Issue deployment