vulnerability
Apache ActiveMQ: CVE-2020-1941: XSS in WebConsole
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | May 14, 2020 | Jan 9, 2024 | Jul 2, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
May 14, 2020
Added
Jan 9, 2024
Modified
Jul 2, 2025
Description
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
Solution
apache-activemq-upgrade-latest
References
- CWE-79
- CVE-2020-1941
- https://attackerkb.com/topics/CVE-2020-1941
- URL-http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt
- URL-https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E
- URL-https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E
- URL-https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E
- URL-https://www.oracle.com//security-alerts/cpujul2021.html
- URL-https://www.oracle.com/security-alerts/cpuApr2021.html
- URL-https://www.oracle.com/security-alerts/cpujul2020.html
- URL-https://www.oracle.com/security-alerts/cpuoct2020.html
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.