漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues
Vulnerability Description
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML (instead of XML) and by injecting HTML into a JMS selector field. This issue affects Apache ActiveMQ: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ Web: before 5.19.6, from 6.0.0 before 6.2.5. Users are recommended to upgrade to version 6.2.5 or 5.19.6, which fixes the issue.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Apache ActiveMQ和Apache ActiveMQ Web 跨站脚本漏洞
Vulnerability Description
Apache ActiveMQ和Apache ActiveMQ Web都是美国阿帕奇(Apache)基金会的产品。Apache ActiveMQ是一套开源的消息中间件,它支持Java消息服务、集群、Spring Framework等。Apache ActiveMQ Web是一个提供消息队列管理与监控界面的Web控制组件。 Apache ActiveMQ和Apache ActiveMQ Web存在跨站脚本漏洞,该漏洞源于对Web页面中脚本相关HTML标签的中和不当,可能导致经过身份验证的攻击者通过覆盖内容类
CVSS Information
N/A
Vulnerability Type
N/A