CVE-2022-35278

In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.

Published: Aug 23, 2022
Updated: May 9, 2024
CVE: CVE-2022-35278
GHSA: GHSA-cv6r-h2fm-pvrp
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79
CWE-80

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
apache / activemq_artemis	-	2.24.0
org.apache.activemq / artemis-server	-	2.24.0

https://lists.apache.org/thread/bh6y81wtotg75337bpvxcjy436zfgf3n
https://security.netapp.com/advisory/ntap-20221209-0005/

Vulnerability Database

289,697

CVE-2022-35278