====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN082
_____________________________________________________________________

DATE                : 09/02/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S):  Systems running Apache ActiveMQ versions prior to
                                 5.15.13, 5.16.1.

=====================================================================
http://mail-archives.apache.org/mod_mbox/activemq-users/202102.mbox/%3c73AC6C7E-C1C4-42FD-98A7-2F1DD6703F49@nanthrax.net%3e
_____________________________________________________________________

CVE-2020-13947 - XSS in WebConsole

Severity: Medium

Vendor:
The Apache Software Foundation

Versions Affected:
Apache ActiveMQ prior to 5.15.12 and 5.16.0

Description:
An instance of a cross-site scripting
vulnerability was identified to be present in the web based
administration console on the message.jsp page of Apache ActiveMQ
versions 5.15.12 to 5.16.0.

Mitigation:
Upgrade to at least Apache ActiveMQ 5.15.13 or 5.16.1

Credit:
This issue was discovery by:

* qiang qiang <silbul2017 () gmail com>

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================