vulnerability
Apache ActiveMQ: CVE-2020-1941: Improper Neutralization of Input During Web Page Generation
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | May 14, 2020 | Jan 9, 2024 | Feb 24, 2026 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
May 14, 2020
Added
Jan 9, 2024
Modified
Feb 24, 2026
Description
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
Solution
apache-activemq-upgrade-latest
References
- CWE-79
- CVE-2020-1941
- https://attackerkb.com/topics/CVE-2020-1941
- URL-http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt
- URL-https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E
- URL-https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E
- URL-https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E
- URL-https://www.oracle.com//security-alerts/cpujul2021.html
- URL-https://www.oracle.com/security-alerts/cpuApr2021.html
- URL-https://www.oracle.com/security-alerts/cpujul2020.html
- URL-https://www.oracle.com/security-alerts/cpuoct2020.html
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.