Skip to main content

Jboss A Mq CVE-2015-5181

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2017-09-25 secalert@redhat.com
5.4
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 25, 2017 - 21:29 cve.org
MEDIUM 5.4

DescriptionCVE.org

The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.

AnalysisAI

The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. Affected products include: Redhat Jboss A-Mq.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2015-7501 CRITICAL
9.8 Nov 09

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5

CVE-2021-4104 HIGH
7.5 Dec 14

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Lo

CVE-2013-4372 MEDIUM POC
4.3 Sep 30

Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch

CVE-2015-5183 HIGH
7.5 Sep 25

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ. Rated high severity (CVSS 7.5), this vulnerab

CVE-2022-1278 HIGH
7.5 Sep 13

A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload

CVE-2023-1664 MEDIUM
6.5 May 26

A flaw was found in Keycloak. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentic

CVE-2023-4066 MEDIUM
5.5 Sep 27

A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, de

CVE-2023-4065 MEDIUM
5.5 Sep 27

A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, sho

CVE-2021-3536 MEDIUM
4.8 May 20

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin conso

CVE-2021-3425 MEDIUM
4.4 Jun 01

A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker

CVE-2014-0085 LOW
2.1 Apr 17

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. Rated low severity (CVSS 2.1)

Share

CVE-2015-5181 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy