CVE-2026-41043
Undergoing Analysis
Undergoing Analysis - In Progress
BaseFortify
Publication date: 2026-04-24
Last updated on: 2026-04-27
Assigner: Apache Software Foundation
Description
Description
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache ActiveMQ, Apache ActiveMQ Web.
An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML (instead of XML) and by injecting HTML into a JMS selector field.
This issue affects Apache ActiveMQ: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ Web: before 5.19.6, from 6.0.0 before 6.2.5.
Users are recommended to upgrade to version 6.2.5 or 5.19.6, which fixes the issue.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | activemq | to 5.19.6 (exc) |
| apache | activemq | From 6.0.0 (inc) to 6.2.5 (exc) |
| apache | activemq_web | to 5.19.6 (exc) |
| apache | activemq_web | From 6.0.0 (inc) to 6.2.5 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-915 | The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified. |
Attack-Flow Graph
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70