Apache Activemq Web

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-41043 MEDIUM PATCH This Month

Stored XSS in Apache ActiveMQ and Apache ActiveMQ Web allows authenticated attackers to inject malicious HTML into JMS selector fields, which displays when other users browse queues in the web console. Affects ActiveMQ versions before 5.19.6 and 6.0.0 through 6.2.4; ActiveMQ Web before 5.19.6 and 6.0.0 through 6.2.4. The vulnerability requires valid authentication but no user interaction beyond normal queue browsing, and EPSS indicates very low exploitation probability (0.02%) despite the accessible attack vector.

XSS Apache Apache Activemq Apache Activemq Web
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-41043
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Stored XSS in Apache ActiveMQ and Apache ActiveMQ Web allows authenticated attackers to inject malicious HTML into JMS selector fields, which displays when other users browse queues in the web console. Affects ActiveMQ versions before 5.19.6 and 6.0.0 through 6.2.4; ActiveMQ Web before 5.19.6 and 6.0.0 through 6.2.4. The vulnerability requires valid authentication but no user interaction beyond normal queue browsing, and EPSS indicates very low exploitation probability (0.02%) despite the accessible attack vector.

XSS Apache Apache Activemq +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy