QwikSec

Security Database

CVE

CWE

Training

CVE-2020-13932

Published: Jul 20, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info section.

Vendor	Product	Versions
n/a	Apache ActiveMQ Artemis	affected `Apache ActiveMQ Artemis 2.5.0 to 2.13.0`

References

https://activemq.apache.org/security-advisories.data/CVE-2020-13932-announcement.txt

x_refsource_MISC

[activemq-users] 20200721 Re: [ANNOUNCE] CVE-2020-13932 Apache ActiveMQ Artemis - Remote XSS in Web console Diagram Plugin

mailing-list

x_refsource_MLIST

[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26118

mailing-list

x_refsource_MLIST

[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26117

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.