In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info section.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2020-07-20T21:08:34

Updated: 2024-08-04T12:32:14.247Z

Reserved: 2020-06-08T00:00:00

Link: CVE-2020-13932

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-07-20T22:15:11.747

Modified: 2024-11-21T05:02:10.463

Link: CVE-2020-13932

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-07-20T00:00:00Z

Links: CVE-2020-13932 - Bugzilla