HomePentest-Tools.com Logo

Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability CVE-2010-1244CVE-2010-0684

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Apache ActiveMQ is prone to cross-site scripting and cross-site request forgery vulnerabilities.

Risk description

The flaw is caused by improper validation of user-supplied input via the JMSDestination parameter to createDestination.action that allows the attackers to insert arbitrary HTML and script code. Successful exploitation will allow attackers to execute arbitrary web script or HTML in a users browser session in the context of an affected site.

Recommendation

Upgrade to the latest version of ActiveMQ 5.3.1 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Apr 5, 2010
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available