Skip to main content

Activemq Web

1 CVEs product

Monthly

CVE-2026-52760 MEDIUM PATCH This Month

Stored cross-site scripting in Apache ActiveMQ Web Console allows an authenticated message producer to inject malicious JavaScript via a crafted JMS message ID, which executes in the browser of any administrator who browses the affected queue. The browse page renders message IDs without HTML sanitization, enabling privilege escalation from producer to administrator via session hijacking or credential theft. No public exploit identified at time of analysis and not listed in CISA KEV; rated moderate severity by Apache, consistent with the authentication prerequisite and required user interaction.

XSS Apache Activemq Activemq Web
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Stored cross-site scripting in Apache ActiveMQ Web Console allows an authenticated message producer to inject malicious JavaScript via a crafted JMS message ID, which executes in the browser of any administrator who browses the affected queue. The browse page renders message IDs without HTML sanitization, enabling privilege escalation from producer to administrator via session hijacking or credential theft. No public exploit identified at time of analysis and not listed in CISA KEV; rated moderate severity by Apache, consistent with the authentication prerequisite and required user interaction.

XSS Apache Activemq +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy