CVE-2014-8110
EPSS 3.9%Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
Published: 5/14/2022Modified: 12/3/2024
Description
Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected packages (1)
- Maven/org.apache.activemq:activemq-client>= 5.0.0, < 5.10.1
References (12)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-8110
- PATCHhttps://github.com/apache/activemq
- WEBhttp://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt
- WEBhttp://seclists.org/oss-sec/2015/q1/427
- WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/100724
- WEBhttps://github.com/apache/activemq/commit/994d9b26
- WEBhttps://github.com/apache/activemq/commit/f8b3de86d8154db5680433e46734b2bd9ced852b
- WEBhttps://issues.apache.org/jira/browse/AMQ-5033
- WEBhttps://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
- WEBhttps://web.archive.org/web/20161110092459/http://secunia.com/advisories/62649
- WEBhttps://web.archive.org/web/20200228044455/http://www.securityfocus.com/bid/72511