Update about this CVE. The mitigation is to upgrade to at least Apache ActiveMQ 5.15.14 or 5.16.1.
> On Feb 8, 2021, at 06:24, Jean-Baptiste Onofre <j...@nanthrax.net> wrote:
>
> CVE-2020-13947 - XSS in WebConsole
>
> Severity: Medium
>
> Vendor:
> The Apache Software Foundation
>
> Versions Affected:
> Apache ActiveMQ prior to 5.15.12 and 5.16.0
>
> Description:
> An instance of a cross-site scripting
> vulnerability was identified to be present in the web-based
> administration console on the message.jsp page of Apache ActiveMQ
> versions 5.15.12 to 5.16.0.
>
> Mitigation:
> Upgrade to at least Apache ActiveMQ 5.15.13 or 5.16.1
>
> Credit:
> This issue was discovered by:
>
> * qiang qiang <silbul2...@gmail.com>