CVE-2017-4967
MEDIUMRabbitMQ 3.4.x 3.5.x < 3.6.9 - Cross-Site Scripting in Management UI Forms
Title source: llmDescription
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.
References (2)
Core 2
Core References
Mitigation, Vendor Advisory x_refsource_confirm
https://pivotal.io/security/cve-2017-4965
Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html
Scores
CVSS v3
6.1
EPSS
0.0051
EPSS Percentile
66.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (50)
broadcom/rabbitmq_server
3.4.0
broadcom/rabbitmq_server
3.4.1
broadcom/rabbitmq_server
3.4.2
broadcom/rabbitmq_server
3.4.3
broadcom/rabbitmq_server
3.4.4
broadcom/rabbitmq_server
3.5.0
broadcom/rabbitmq_server
3.5.1
broadcom/rabbitmq_server
3.5.2
broadcom/rabbitmq_server
3.5.3
broadcom/rabbitmq_server
3.5.6
... and 40 more
Published
Jun 13, 2017
Tracked Since
Feb 18, 2026