[
https://issues.apache.org/activemq/browse/AMQ-2613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=58696#action_58696
]
Romain Wartel commented on AMQ-2613:
------------------------------------
Joe is correct.
Also, for the permanent XSS, "correlation ID" is not the only vulnerable
variable. "Reply To", "Type", etc. are vulnerable.
It is important to sanitise user input in general, not just for the variables
that are being reported here.
> Persistent Cross-site Scripting in /createDestination.action [JMSDestination
> parameter]
> ---------------------------------------------------------------------------------------
>
> Key: AMQ-2613
> URL: https://issues.apache.org/activemq/browse/AMQ-2613
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.3.0
> Environment: Linux environment.
> Reporter: Rajat Swarup
> Assignee: Dejan Bosanac
> Priority: Critical
> Fix For: 5.3.1, 5.4.0
>
>
> GET
> /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E
> This GET request creates a queue that has a malformed queue name due to a
> lack of input validation. After sending this request, a sample of the effect
> can be seen by browsing to /queues.jsp and clicking on the "Home" link.
> I do not know the affected version information yet. Is there some way I can
> find it?
> Additionally, this is vulnerable to cross-site request forgery as well but
> XSS is a more critical bug than XSRF (at least at this point for me I guess).
> ----
> CVE Identifier issued for this:
> CVE-2010-0684
--
This message is automatically generated by JIRA.
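The point made in the comment above, that every user-controlled field needs the same treatment and not only the reported one, shown as an added example (not part of the original message and not ActiveMQ's own code). The class name, the allowlist pattern and the sample message values are assumptions made for illustration; output encoding is applied to every field regardless of whether validation accepted it.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class ConsoleOutputEncoding {
    // Assumed policy for this example only: a conservative destination-name allowlist.
    private static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9._\\-]{1,255}");

    // Input validation when a destination is created.
    static boolean isValidDestinationName(String name) {
        return name != null && SAFE_NAME.matcher(name).matches();
    }
    // Output encoding for HTML text and quoted-attribute contexts.
    static String escapeHtml(String value) {
        if (value == null) return "";
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Every field is encoded the same way; no field is treated as trusted.
    static String renderRow(Map<String, String> fields) {
        StringBuilder row = new StringBuilder("<tr>");
        for (String v : fields.values()) row.append("<td>").append(escapeHtml(v)).append("</td>");
        return row.append("</tr>").toString();
    }

    public static void main(String[] args) {
        // JMSDestination value from the request quoted in the report, URL-decoded.
        String name = URLDecoder.decode("%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E", StandardCharsets.UTF_8);
        System.out.println("accepted as destination name: " + isValidDestinationName(name));
        Map<String, String> msg = new LinkedHashMap<>();  // constructed sample message fields
        msg.put("Correlation ID", name);
        msg.put("Reply To", "<b>reply</b>");
        msg.put("Type", "order & invoice");
        System.out.println(renderRow(msg));
    }
}
```

The allowlist rejects the reported value at creation time, and the rendered row contains only entity-encoded text, so a stored value that bypassed validation would still display as inert characters.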