ActiveMQ
  1. ActiveMQ
  2. AMQ-4397

XSS vulnerability in scheduled.jsp

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 5.8.0
    • Fix Version/s: 5.9.0
    • Component/s: None
    • Labels:
      None

      Description

      If string like * * * * *<script>alert(1)</script> is entered into cron of a message, JS code will be executed on the scheduled.jsp page.

        Activity

        Hide
        Dejan Bosanac added a comment - - edited

        Fixed with svn revision 1459265. Thanks to Gursev Kalra for reporting.

        Show
        Dejan Bosanac added a comment - - edited Fixed with svn revision 1459265. Thanks to Gursev Kalra for reporting.

          People

          • Assignee:
            Dejan Bosanac
            Reporter:
            Dejan Bosanac
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development