Security Advisory

CVE-2020-13932

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-07-20 21:08:34

Last updated 2024-08-04 12:32:14

Assigner apache

State PUBLISHED

Description

In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin consoles browser. The XSS payload is triggered in the diagram plugin; queue node and the info section.

← Browse all CVEs View on cve.org ↗