CVE-2026-52760
- EPSS 0.26%
- Veröffentlicht 30.06.2026 09:50:30
- Zuletzt bearbeitet 02.07.2026 18:42:09
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an...
CVE-2026-42253
- EPSS 1.11%
- Veröffentlicht 01.06.2026 09:16:18
- Zuletzt bearbeitet 01.06.2026 17:06:34
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response he...
CVE-2026-41043
- EPSS 0.56%
- Veröffentlicht 24.04.2026 10:16:23
- Zuletzt bearbeitet 27.04.2026 14:49:24
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the conte...
CVE-2026-33227
- EPSS 0.42%
- Veröffentlicht 07.04.2026 07:50:58
- Zuletzt bearbeitet 20.04.2026 16:50:36
Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances (when creating a Stomp consumer and also b...