CVE-2022-35278— HTML Injection in ActiveMQ Artemis Web Console
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-35278
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HTML Injection in ActiveMQ Artemis Web Console
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Red Hat JBoss A-MQ 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Red Hat JBoss A-MQ是美国红帽(Red Hat)公司的一套开源的消息传递平台。该平台用于集成应用程序、终端和设备,并提供各种消息传递模式以支持实时消息传递。 Red Hat JBoss A-MQ 7 plugin artemis存在安全漏洞,该漏洞源于下游组件使用的输出中特殊元素的不正确中和。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache ActiveMQ Artemis | unspecified ~ 2.23.1 | - |
II. Public POCs for CVE-2022-35278
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-35278
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: Apache ActiveMQ Artemis
- CVE-2025-27391
Apache ActiveMQ Artemis: Passwords leaking from broker prope - CVE-2025-27427
Apache ActiveMQ Artemis: Address routing-type can be updated - CVE-2023-50780
Apache ActiveMQ Artemis: Authenticated users could perform R - CVE-2022-23913
Apache ActiveMQ Artemis DoS - CVE-2021-26118
Flaw in ActiveMQ Artemis OpenWire support
Same vendor: Apache Software Foundation
- CVE-2026-39816
Apache NiFi: Missing Execute Code Required Permission on Tin - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro - CVE-2026-25077
Apache CloudStack: Unauthenticated Command Injection in Dire - CVE-2025-69233
Apache CloudStack: Domain/account resources limits not honor - CVE-2025-66467
Apache CloudStack: MinIO policy remains intact on bucket del
Same weakness: CWE-80
- CVE-2021-47948
WordPress GetPaid Plugin 2.4.6 HTML Injection via Help Text - CVE-2026-42030
MapServer: Improper Neutralization of Script-Related HTML Ta - CVE-2026-44264
Weblate is vulnerable to XSS via crafted Markdown - CVE-2026-6002
HTML Injection in DivvyDrive Information Technologies' Divvy - CVE-2025-59854
HCL DFXAnalytics is affected by an Insecure Security Header
V. Comments for CVE-2022-35278
No comments yet