TUCoPS :: Web :: Apache :: va3190.htm

Apache ActiveMQ Numerous Cross Site Scripting Issues
DDIVRT-2009-23 Apache ActiveMQ Numerous Cross Site Scripting Issues
DDIVRT-2009-23 Apache ActiveMQ Numerous Cross Site Scripting Issues



Title=0D
-----=0D
DDIVRT-2009-23 Apache ActiveMQ Numerous Cross Site Scripting Issues=0D
=0D
Severity=0D
--------=0D
Low=0D
=0D
Date Discovered=0D
---------------=0D
February 23rd, 2009=0D
=0D
Discovered By=0D
-------------=0D
Digital Defense, Inc. Vulnerability Research Team=0D
Credit: David Marshall and r@b13$=0D
=0D
Vulnerability Description=0D
-------------------------=0D
ActiveMQ 5.2.0=92s /admin interface gathers input from the user in numerous forms which are not properly sanitized.  Attackers may insert script tags to have them execute when a user browses the affected areas of the page.=0D
=0D
Solution Description=0D
--------------------=0D
User-supplied inputs should not be rendered as executable script code when presented back to the user.=0D
=0D
Tested Systems / Software (with versions)=0D
------------------------------------------=0D
Windows XP SP3, ActiveMQ 5.2.0 Release Windows Binary=0D
=0D
Vendor Contact=0D
--------------=0D
Vendor Name: The Apache Software Foundation=0D
Vendor Website: http://activemq.apache.org/=0D 

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH