HTML Injection in ActiveMQ Artemis Web Console (CVE-2022-35278)
PRODUCT AFFECTED:
This issue affects Apache ActiveMQ Artemis.
PROBLEM:
An attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.
WORKAROUND:
Upgrade to Apache ActiveMQ Artemis 2.24.0.
Credit:
Apache ActiveMQ would like to thank Yash Pandya (Digital14), Rajatkumar Karmarkar (Digital14), and Likhith Cheekatipalle (Digital14) for reporting this issue.
MODIFICATION HISTORY:
: Initial Publication.
RELATED LINKS:
CVE-2022-35278 at cve.mitre.org