A vulnerability in the web-based administration console of Apache ActiveMQ could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
The vulnerability exists in the web-based administration console on the queue.jsp page of the affected software and is due to insufficient data filtering of the QueueFilter parameter. An attacker could exploit this vulnerability by persuading a user to access a link that submits malicious input to the targeted system. A successful exploit could allow the attacker to execute arbitrary script code in the context of the targeted user’s browser, access sensitive information, or perform other unauthorized actions.
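One way to review console access logs for requests matching this description, as an added example that is not part of the advisory or of Apache's code: it flags requests to queue.jsp whose QueueFilter value decodes to characters that must be HTML-encoded before being reflected. The /admin/ path prefix, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Characters that must be HTML-encoded before being reflected into a page.
HTML_META = set('<>"\'')

# Constructed sample entries; addresses, paths and values are illustrative.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /admin/queue.jsp?QueueFilter=orders HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:02:11 +0000] "GET /admin/queue.jsp?QueueFilter=%22%3E%3Cb%3Etest HTTP/1.1" 200 5200',
    '192.0.2.44 - - [01/Jan/2024:10:02:40 +0000] "GET /admin/queue.jsp?QueueFilter=%253Ci%253E HTTP/1.1" 200 5190',
    '192.0.2.10 - - [01/Jan/2024:10:03:00 +0000] "GET /admin/topics.jsp?QueueFilter=%3Cb%3E HTTP/1.1" 200 4100',
]

def fully_decode(value, max_rounds=3):
    """Undo nested URL-encoding (%253C -> %3C -> <), bounded to max_rounds."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_queue_filter(line):
    """Return the decoded QueueFilter value if a request to queue.jsp
    carries HTML metacharacters in it, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/queue.jsp"):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() == "queuefilter":
            decoded = fully_decode(value)  # parse_qsl already decoded once
            if HTML_META & set(decoded):
                return decoded
    return None

def find_hits(lines):
    """Return (line_number, decoded_value) for every flagged entry."""
    checked = ((n, suspicious_queue_filter(l)) for n, l in enumerate(lines, 1))
    return [(n, v) for n, v in checked if v is not None]

if __name__ == "__main__":
    for number, value in find_hits(SAMPLE_LOG):
        print(f"line {number}: QueueFilter decodes to {value!r}")
```

A hit shows that markup was submitted in the parameter, not that it was rendered; whether the value was reflected unencoded depends on the installed version.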
Apache has confirmed the vulnerability and released software updates.
Security Impact Rating: Medium