Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-04-24T10:16:23 Apache ActiveMQ: Apache ActiveMQ Web: Apache ActiveMQ: Information disclosure via Cross-Site Scripting in web console 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N CWE-79

A flaw was found in Apache ActiveMQ and Apache ActiveMQ Web. An authenticated attacker can exploit a Cross-Site Scripting (XSS) vulnerability by injecting malicious HTML into a Java Message Service (JMS) selector field and overriding the content type to HTML. This allows the attacker to display malicious content to other users browsing queues in the web console, potentially leading to information disclosure or execution of arbitrary client-side scripts.

Red Hat AMQ Broker 7 Fix deferred activemq-client Red Hat build of Apache Camel for Spring Boot 4 Fix deferred activemq-client Red Hat build of Apache Camel for Spring Boot 4 Fix deferred activemq-client-jakarta Red Hat Data Grid 8 Fix deferred activemq-client Red Hat Fuse 7 Fix deferred activemq-all Red Hat Fuse 7 Fix deferred activemq-client Red Hat Fuse 7 Fix deferred activemq-web Red Hat JBoss Enterprise Application Platform 7 Fix deferred activemq-client Red Hat JBoss Enterprise Application Platform 8 Fix deferred activemq-client Red Hat JBoss Enterprise Application Platform 8 Fix deferred activemq-client-jakarta Red Hat JBoss Enterprise Application Platform Expansion Pack Fix deferred activemq-client Red Hat JBoss Enterprise Application Platform Expansion Pack Fix deferred activemq-client-jakarta https://www.cve.org/CVERecord?id=CVE-2026-41043 https://nvd.nist.gov/vuln/detail/CVE-2026-41043 http://www.openwall.com/lists/oss-security/2026/04/23/5 https://activemq.apache.org/security-advisories.data/CVE-2026-41043-announcement.txt