What is CVE-2014-8110?

CVE-2014-8110 is a vulnerability in Apache Activemq, classified under Cross-site Scripting. Published 2015-02-12.

Is CVE-2014-8110 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Apache Activemq

CVE-2014-8110

Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.039 (88.5th percentile) — read the EPSS interpretation.

Affected products

Apache Activemq — versions 5.0.0, 5.1.0, 5.2.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

tafamace/CVE-2014-8110

References

[oss-security] 20150205 [ANNOUNCE] CVE-2014-3600, CVE-2014-3612 and CVE-2014-8110 - Apache ActiveMQ vulnerabilities (mailing-list, x_refsource_MLIST)
72511 (vdb-entry, x_refsource_BID)
62649 (x_refsource_SECUNIA, third-party-advisory)
apache-activemq-cve20148110-xss(100724) (vdb-entry, x_refsource_XF)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/ (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2014-8110?: CVE-2014-8110 is a vulnerability in Apache Activemq, classified under Cross-site Scripting. Published 2015-02-12.
Is CVE-2014-8110 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.