vulnerability
Apache ActiveMQ: CVE-2016-6810: ActiveMQ Web Console - Cross-Site Scripting
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Jan 10, 2018 | Jan 9, 2024 | Jul 15, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Jan 10, 2018
Added
Jan 9, 2024
Modified
Jul 15, 2025
Description
In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation.
Solution
apache-activemq-upgrade-latest
References
- CWE-79
- CVE-2016-6810
- https://attackerkb.com/topics/CVE-2016-6810
- URL-http://activemq.apache.org/security-advisories.data/CVE-2016-6810-announcement.txt
- URL-http://www.securityfocus.com/bid/94882
- URL-http://www.securitytracker.com/id/1037475
- URL-https://lists.apache.org/thread.html/924a3a27fad192d711436421e02977ff90d9fc0f298e1efe6757cfbc%40%3Cusers.activemq.apache.org%3E
- URL-https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.