CVE-2020-13947

Description

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.

Affected Software
References

Software	From	Fixed in
apache / activemq	-	5.15.14
apache / activemq	5.16.0	5.16.1
oracle / communications_session_report_manager	8.0.0	8.2.2.x
oracle / communications_session_route_manager	8.0.0	8.2.2.x
org.apache.activemq / activemq-parent	-	5.15.14
org.apache.activemq / activemq-parent	5.16.0	5.16.1

http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt
https://lists.apache.org/thread.html/r021c490028f61c8b6f7e38efb98e61693b0cbb6b99b02238c6fc7d66@%3Ccommits.activemq.apache.org%3E
https://lists.apache.org/thread.html/r021c490028f61c8b6f7e38efb98e61693b0cbb6b99b02238c6fc7d66%40%3Ccommits.activemq.apache.org%3E
https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cdev.activemq.apache.org%3E
https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cusers.activemq.apache.org%3E
https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c%40%3Cdev.activemq.apache.org%3E
https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c%40%3Cusers.activemq.apache.org%3E
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html

Severity: Medium

CVE: CVE-2020-13947
GHSA: GHSA-66gw-ch5v-74v8
Published: Feb 8, 2021
Updated: Nov 8, 2023
Exploit:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79

A7 - Cross-Site Scripting (XSS)

CVE-2020-13947

Description

Details

CVSS v3

CVSS v2

CWEs

OWASP TOP 10