CVSS Score: -

Basic Information

CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.activemq:activemq-client | maven | < 5.9.0 | 5.9.0 |
The vulnerability stems from unescaped output of the `cronEntry` field in scheduled.jsp. The GitHub patch shows the fix consisted of wrapping `${row.cronEntry}` and other fields in `<c:out>` tags so that the values are escaped before being written into the page. The original vulnerable code rendered user-controlled cron expressions directly into the HTML without sanitization, enabling script injection (cross-site scripting). The JSP file's table rendering logic was the vulnerable component, as confirmed by the patch adding output encoding at that point.
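As an added illustration of the pattern described above (not the ActiveMQ source or the actual patch), the vulnerable rendering beside the `<c:out>` form; the surrounding table layout, the `jobs` collection and the `jobId` field are assumed for the example:

```jsp
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<%-- Vulnerable pattern: the EL expression is written into the HTML verbatim,
     so a cron entry containing markup is interpreted by the browser.
     (jobs / jobId are assumed names for this example.) --%>
<c:forEach items="${jobs}" var="row">
  <tr>
    <td>${row.jobId}</td>
    <td>${row.cronEntry}</td>
  </tr>
</c:forEach>

<%-- Hardened pattern: <c:out> has escapeXml="true" by default and replaces
     &, <, >, " and ' with entities, so the same value renders as literal text. --%>
<c:forEach items="${jobs}" var="row">
  <tr>
    <td><c:out value="${row.jobId}"/></td>
    <td><c:out value="${row.cronEntry}"/></td>
  </tr>
</c:forEach>
```

When reviewing similar JSPs, every bare `${...}` that reaches an HTML context is a candidate for the same wrapping; `<c:out>` escapes for HTML/XML only, so values placed inside script blocks or attributes still need context-appropriate encoding.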