CVE-2010-0684

Apache ActiveMQ <5.3.1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.

References (9)

[Patch] http://activemq.apache.org/activemq-531-release.html

[Vendor Advisory] http://secunia.com/advisories/39223

[Exploit] http://securitytracker.com/id?1023778

[Exploit] http://www.rajatswarup.com/CVE-2010-0684.txt

[Patch] http://www.securityfocus.com/bid/39119

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/57397

[Exploit] https://issues.apache.org/activemq/browse/AMQ-2613

[Exploit] https://issues.apache.org/activemq/browse/AMQ-2625

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/510419/100/0/threaded

Scores

EPSS 0.0039

EPSS Percentile 59.5%

Classification

CWE

CWE-79

Status published

Affected Products (25)

apache/activemq < 5.3.0

apache/activemq

... and 10 more

Timeline

Published Apr 05, 2010

Tracked Since Feb 18, 2026