Intrusion Prevention

Apache.ActiveMQ.Web.Console.message.jsp.XSS

Description

This indicates an attack attempt to exploit a Cross-Site Scripting Vulnerability in Apache Software Foundation ActiveMQ.
The vulnerability is due to insufficient validation of the JMSDestination parameter to message.jsp in the web console. A remote attacker could exploit this vulnerability by enticing a target user to open a maliciously crafted link or web page. Successful exploitation could lead to arbitrary script execution in the target user's browser under the security context of that user.
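
As an added example (not part of the original advisory and not vendor or signature code), the following Python script flags access-log requests to message.jsp whose JMSDestination value still contains HTML markup characters after repeated percent-decoding. The combined log format, the /admin/ path prefix and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Characters a queue/topic name does not need but HTML injection does.
MARKUP = re.compile(r"[<>\"'`]")
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also caught."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_destination(log_line):
    """Return the decoded JMSDestination if it contains markup, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    # Drop path parameters such as ;jsessionid=... before matching the page.
    if not url.path.split(";")[0].lower().endswith("/message.jsp"):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == "JMSDestination":
            decoded = fully_decode(value)  # parse_qsl already decoded once
            if MARKUP.search(decoded):
                return decoded
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = ((n, suspicious_destination(l)) for n, l in enumerate(lines, 1))
    return [(n, value) for n, value in hits if value is not None]

# Constructed sample lines: benign, single-encoded, double-encoded, other page.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Feb/2021:10:00:00 +0000] "GET /admin/message.jsp?id=ID:1&JMSDestination=orders.queue HTTP/1.1" 200 5120',
    '10.0.0.9 - - [01/Feb/2021:10:01:00 +0000] "GET /admin/message.jsp?id=ID:2&JMSDestination=%22%3E%3Cb%3Ex HTTP/1.1" 200 5120',
    '10.0.0.9 - - [01/Feb/2021:10:02:00 +0000] "GET /admin/message.jsp?id=ID:3&JMSDestination=%2522%253E%253Cb%253Ex HTTP/1.1" 200 5120',
    '10.0.0.7 - - [01/Feb/2021:10:03:00 +0000] "GET /admin/queues.jsp?JMSDestination=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line_number, value in scan(SAMPLE_LOG):
        print(f"line {line_number}: JMSDestination contains markup: {value!r}")
```

A hit only shows that markup was sent in the parameter; whether it was rendered unescaped depends on the ActiveMQ version serving the request.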

Affected Products

Apache Software Foundation ActiveMQ prior to 5.15.14
Apache Software Foundation ActiveMQ prior to 5.16.1

Impact

System Compromise: Remote attackers can execute arbitrary script code in the context of the affected application.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt

CVE References

CVE-2020-13947