| CVE-2014-8110: ActiveMQ Web Console - Cross-Site Scripting | |
| Severity: Important | |
| Vendor: | |
| The Apache Software Foundation | |
| Versions Affected: | |
| Apache ActiveMQ 5.0.0 - 5.10.0 | |
| Description: | |
| Several instances of cross-site scripting vulnerabilities were identified to be present in the web based administration console. The root cause of this issue is improper user data output validation. | |
| Mitigation: | |
| Upgrade to Apache ActiveMQ 5.10.1 or 5.11.0 | |
| Credit: | |
| This issue was discovered by Georgi Geshev from MWR Labs |