CVE-2014-8110

Apache Activemq < 5.10.1 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Exploits (1)

nomisec STUB 1 stars

by tafamace · poc

https://github.com/tafamace/CVE-2014-8110

View Code ZIP pw:eip

References (6)

[Vendor Advisory] http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt

[Mailing List] http://seclists.org/oss-sec/2015/q1/427

[Third Party Advisory] http://secunia.com/advisories/62649

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/72511

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/100724

[Mailing List] https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

Scores

EPSS 0.0391

EPSS Percentile 88.3%

Details

CWE

CWE-79

Status published

Products (19)

apache/activemq 5.0.0

apache/activemq 5.1.0

apache/activemq 5.2.0

apache/activemq 5.3.0

apache/activemq 5.3.1

apache/activemq 5.3.2

apache/activemq 5.4.0

apache/activemq 5.4.1

apache/activemq 5.4.2

apache/activemq 5.4.3

... and 9 more

Published Feb 12, 2015

Tracked Since Feb 18, 2026