XSS in Broadcom Rabbitmq_server

CVE-2014-9649

Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an er…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.003 (53.4th percentile) — read the EPSS interpretation.

Affected products

Broadcom Rabbitmq_server — versions 2.1.0, 2.1.1, 2.2.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

RHSA-2016:0308 (x_refsource_REDHAT, vendor-advisory)
76084 (vdb-entry, x_refsource_BID)
security@ubuntu.com (x_refsource_CONFIRM)
security@ubuntu.com (x_refsource_CONFIRM, Vendor Advisory)
[oss-security] 20150121 CVE Request: XSS and response-splitting bugs in rabbitmq management plugin (mailing-list, x_refsource_MLIST)