CVE-2018-8006

MEDIUM EXPLOITED NUCLEI

Apache ActiveMQ <5.15.5 - XSS

Title source: llm

Description

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.

Nuclei Templates (1)

Apache ActiveMQ <=5.15.5 - Cross-Site Scripting

MEDIUMby pdteam

Shodan: cpe:"cpe:2.3:a:apache:activemq" || product:"activemq openwire transport"

References (10)

[Vendor Advisory] http://activemq.apache.org/security-advisories.data/CVE-2018-8006-announcement.txt

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105156

[Mailing List] https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc%40%3Ccommits.activemq.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1%40%3Cdev.activemq.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/3f1e41bc9153936e065ca3094bd89ff8167ad2d39ac0b410f24382d2%40%3Cgitbox.activemq.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/c0ec53b72b3240b187afb1cf67e4309a9e5f607282010aa196734814%40%3Cgitbox.activemq.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b%40%3Cdev.activemq.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d%40%3Ccommits.activemq.apache.org%3E

Scores

CVSS v3 6.1

EPSS 0.7995

EPSS Percentile 99.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

VulnCheck KEV 2023-12-05

CWE

CWE-79

Status published

Products (2)

apache/activemq 5.0.0 - 5.15.5

org.apache.activemq/activemq-web-console 5.0.0 - 5.15.6Maven

Published Oct 10, 2018

Tracked Since Feb 18, 2026