Skip to main content

Rabbitmq Server CVE-2014-9649

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2015-01-27 security@ubuntu.com
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Jan 27, 2015 - 20:02 cve.org
MEDIUM 4.3

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message.

AnalysisAI

Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message. Affected products include: Broadcom Rabbitmq Server. Version information: through 3.4..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2019-11287 HIGH POC
7.5 Nov 23

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x ver

CVE-2016-9877 CRITICAL
9.8 Dec 29

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.

CVE-2025-50200 MEDIUM POC
5.5 Jun 19

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in

CVE-2026-57219 HIGH
8.7 Jul 10

Sensitive credential disclosure in RabbitMQ affects installations running the management plugin with OAuth 2 configured

CVE-2017-4966 HIGH
7.8 Jun 13

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions p

CVE-2021-22117 HIGH
7.8 May 18

RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing

CVE-2026-57220 HIGH
7.5 Jul 10

Memory-exhaustion denial of service in RabbitMQ server prior to 4.2.6 allows an unauthenticated remote client to crash o

CVE-2026-57214 HIGH
7.1 Jul 10

Stored cross-site scripting in the RabbitMQ management UI (versions prior to 4.2.5) lets a user holding queue/exchange d

CVE-2026-57212 HIGH
7.1 Jul 10

Uncontrolled resource consumption in the RabbitMQ Management plugin's HTTP API lets an authenticated client crash or deg

CVE-2026-57217 HIGH
7.0 Jul 10

Authorization bypass in RabbitMQ topic permissions lets an authenticated user with restricted topic rights publish to or

CVE-2026-57215 HIGH
7.0 Jul 10

Improper authorization in RabbitMQ broker (versions prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6) allows an authenticated

CVE-2026-57216 CRITICAL
10.0 Jul 10

Authentication bypass in RabbitMQ (broker versions prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6) lets a loopback-restrict

Share

CVE-2014-9649 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy