CVE-2026-41043

216.73.216.233

· Published 24/04/2026 11:16 · Modified 24/04/2026 19:17

Labels: CVE-2026-41043 2026-04-24 CVE-2026-41043 CWE-79 [email protected]

Essential information

Published: 24/04/2026 11:16
Modified: 24/04/2026 19:17
Author: —
Creator: —
CVSS: 6.5 MEDIUM (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS metrics

Description

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML (instead of XML) and by injecting HTML into a JMS selector field. This issue affects Apache ActiveMQ: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ Web: before 5.19.6, from 6.0.0 before 6.2.5. Users are recommended to upgrade to version 6.2.5 or 5.19.6, which fixes the issue.

NVD status

Status: Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
apache / activemq	`cpe:2.3:a:apache:activemq:<5.19.6:::::::*`
apache / activemq	`cpe:2.3:a:apache:activemq:6.0.0-6.2.4:::::::*`
apache / activemq web	`cpe:2.3:a:apache:activemq_web:<5.19.6:::::::*`
apache / activemq web	`cpe:2.3:a:apache:activemq_web:6.0.0-6.2.4:::::::*`