output/security-advisories.data/CVE-2022-35278-announcement.txt - activemq-website - Git at Google

 HTML Injection in ActiveMQ Artemis Web Console (CVE-2022-35278)
 PRODUCT AFFECTED:
 This issue affects Apache ActiveMQ Artemis.

 PROBLEM:
 An attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.

 WORKAROUND:

 Upgrade to Apache ActiveMQ Artemis 2.24.0.

 Credit:

 Apache ActiveMQ would like to thank Yash Pandya (Digital14), Rajatkumar Karmarkar (Digital14), and Likhith Cheekatipalle (Digital14) for reporting this issue.

 MODIFICATION HISTORY:
 : Initial Publication.
 RELATED LINKS:
 CVE-2022-35278 at cve.mitre.org
	HTML Injection in ActiveMQ Artemis Web Console (CVE-2022-35278)
	PRODUCT AFFECTED:
	This issue affects Apache ActiveMQ Artemis.

	PROBLEM:
	An attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.

	WORKAROUND:

	Upgrade to Apache ActiveMQ Artemis 2.24.0.

	Credit:

	Apache ActiveMQ would like to thank Yash Pandya (Digital14), Rajatkumar Karmarkar (Digital14), and Likhith Cheekatipalle (Digital14) for reporting this issue.

	MODIFICATION HISTORY:
	: Initial Publication.
	RELATED LINKS:
	CVE-2022-35278 at cve.mitre.org