NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-41043

Summary	Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML (instead of XML) and by injecting HTML into a JMS selector field. This issue affects Apache ActiveMQ: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ Web: before 5.19.6, from 6.0.0 before 6.2.5. Users are recommended to upgrade to version 6.2.5 or 5.19.6, which fixes the issue.
Publication Date	April 24, 2026, 8:16 p.m.
Registration Date	April 25, 2026, 4:07 a.m.
Last Update	April 24, 2026, 11:39 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://activemq.apache.org/security-advisories.data/CVE-2026-41043-announcement.txt	security@apache.org
2	http://www.openwall.com/lists/oss-security/2026/04/23/5	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html
2	CWE-915	動的に決定されたオブジェクト属性の不適切に制御された変更	https://cwe.mitre.org/data/definitions/915.html