Vulnerabilities > Apache > Activemq > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-08 | CVE-2020-13947 | Cross-site Scripting vulnerability in multiple products An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0. | 6.1 |
| 2020-09-10 | CVE-2020-13920 | Missing Authentication for Critical Function vulnerability in multiple products Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. | 5.9 |
| 2020-05-14 | CVE-2020-1941 | Cross-site Scripting vulnerability in multiple products In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. | 6.1 |
| 2019-05-23 | CVE-2019-0201 | Missing Authorization vulnerability in multiple products An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. | 5.9 |
| 2019-04-22 | CVE-2019-10241 | Cross-site Scripting vulnerability in multiple products In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. | 6.1 |
| 2018-10-10 | CVE-2018-8006 | Cross-site Scripting vulnerability in Apache Activemq An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. | 6.1 |
| 2018-01-10 | CVE-2016-6810 | Cross-site Scripting vulnerability in Apache Activemq In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. | 6.1 |
| 2016-08-05 | CVE-2016-0782 | Cross-site Scripting vulnerability in Apache Activemq The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue. | 5.4 |
| 2016-04-07 | CVE-2016-0734 | 7PK - Security Features vulnerability in Apache Activemq The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element. | 6.1 |