| HTML Injection in ActiveMQ Artemis Web Console (CVE-2022-35278) |
| PRODUCT AFFECTED: |
| This issue affects Apache ActiveMQ Artemis. |
| |
| PROBLEM: |
| An attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue. |
| |
| WORKAROUND: |
| |
| Upgrade to Apache ActiveMQ Artemis 2.24.0. |
| |
| Credit: |
| |
| Apache ActiveMQ would like to thank Yash Pandya (Digital14), Rajatkumar Karmarkar (Digital14), and Likhith Cheekatipalle (Digital14) for reporting this issue. |
| |
| MODIFICATION HISTORY: |
| : Initial Publication. |
| RELATED LINKS: |
| CVE-2022-35278 at cve.mitre.org |