{"id":"CVE-2016-0782","details":"The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue.","aliases":["GHSA-8rcq-p4gh-vmj8"],"modified":"2026-04-10T03:46:52.561119Z","published":"2016-08-05T15:59:02.473Z","references":[{"type":"WEB","url":"http://www.securityfocus.com/archive/1/537760/100/0/threaded"},{"type":"WEB","url":"http://www.securitytracker.com/id/1035328"},{"type":"WEB","url":"https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2016:1424"},{"type":"ADVISORY","url":"http://activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/136215/Apache-ActiveMQ-5.13.0-Cross-Site-Scripting.html"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1317516"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/activemq","events":[{"introduced":"0"},{"last_affected":"27e612bef1e471fe9fd3ecc9f2594b4c07a976fd"},{"introduced":"0"},{"last_affected":"d2dbe18cfbb36b6df142bb94c0c80396571084fc"},{"introduced":"0"},{"last_affected":"afabcda5832fe869c47da3dc7aacb6f90face5f0"},{"introduced":"0"},{"last_affected":"11c90762b7a78a7ee43f95638d3d50d29197e471"},{"introduced":"0"},{"last_affected":"fd4452478be6b7ef85c8409c43b017e8fbefe9e4"},{"introduced":"0"},{"last_affected":"e3674e70e2b1918c6e03966681d07a94e2033f86"},{"introduced":"0"},{"last_affected":"a11909d0f5caf11fd90d36ecc764f70910d81009"},{"introduced":"0"},{"last_affected":"a6fbc32e620d02431796a9b6b77820524c44fe31"},{"introduced":"0"},{"last_affected":"c1fea8aa9d80a6b500006724e06e3daf86d5e2d3"},{"introduced":"0"},{"last_affected":"063285ca8e142480b435c2c294f5163d1afddd5a"},{"introduced":"0"},{"last_affected":"822058cbeb75d564ee20c785498f6cb38e936985"},{"introduced":"0"},{"last_affected":"30697b4e505c77ed9c0e17720a14c78843d12c2f"},{"introduced":"0"},{"last_affected":"17cc9c0228cf8907a40307d4dab80857f9b460f4"},{"introduced":"0"},{"last_affected":"d0a64168441a08aa323a6881db444b935c186ee3"},{"introduced":"0"},{"last_affected":"87c9bbebacfe1d2248b4a55d601f0b089d40b742"},{"introduced":"0"},{"last_affected":"04992929ddb84c78390e972a352fe45064d571d5"},{"introduced":"0"},{"last_affected":"58dd93e42e7405768fd89154ff94b45ac71f151f"},{"introduced":"0"},{"last_affected":"8938d14d434447193b02ba635606aa0fb7a80353"},{"introduced":"0"},{"last_affected":"f81d4784f3dda08a3b71b07d7946d39d0a7c6c12"},{"introduced":"0"},{"last_affected":"4ba1a1689f33d81bd2349a2bb8c66f0c95b04d1d"},{"introduced":"0"},{"last_affected":"863e8a5d1ba38f262bdbec4484d704fba8e4f695"},{"introduced":"0"},{"last_affected":"02dcfe6ace5dd545b2d681319456430752f7f5f0"},{"introduced":"0"},{"last_affected":"857e9224e90a2be58915640a2328eebe3e045b90"},{"introduced":"0"},{"last_affected":"a9eeb03520f074d5013239b8d8708a05ba31e176"},{"introduced":"0"},{"last_affected":"21c8b4695f771065192ed7a24c92367ed9f6e564"},{"introduced":"0"},{"last_affected":"6ccbbce23de1d92daf83456accfdb03a4b768238"},{"introduced":"0"},{"last_affected":"abfe038ddfd6d6c4f7c41e106dabc815041b04c5"},{"introduced":"0"},{"last_affected":"d60b73402cc11babb53e0a26e4537265f153492b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.1.0"},{"introduced":"0"},{"last_affected":"5.2.0"},{"introduced":"0"},{"last_affected":"5.3.0"},{"introduced":"0"},{"last_affected":"5.3.1"},{"introduced":"0"},{"last_affected":"5.3.2"},{"introduced":"0"},{"last_affected":"5.4.0"},{"introduced":"0"},{"last_affected":"5.4.1"},{"introduced":"0"},{"last_affected":"5.4.2"},{"introduced":"0"},{"last_affected":"5.4.3"},{"introduced":"0"},{"last_affected":"5.5.0"},{"introduced":"0"},{"last_affected":"5.5.1"},{"introduced":"0"},{"last_affected":"5.6.0"},{"introduced":"0"},{"last_affected":"5.7.0"},{"introduced":"0"},{"last_affected":"5.8.0"},{"introduced":"0"},{"last_affected":"5.9.0"},{"introduced":"0"},{"last_affected":"5.9.1"},{"introduced":"0"},{"last_affected":"5.10.0"},{"introduced":"0"},{"last_affected":"5.10.1"},{"introduced":"0"},{"last_affected":"5.10.2"},{"introduced":"0"},{"last_affected":"5.11.0"},{"introduced":"0"},{"last_affected":"5.11.1"},{"introduced":"0"},{"last_affected":"5.11.2"},{"introduced":"0"},{"last_affected":"5.11.3"},{"introduced":"0"},{"last_affected":"5.12.0"},{"introduced":"0"},{"last_affected":"5.12.1"},{"introduced":"0"},{"last_affected":"5.12.2"},{"introduced":"0"},{"last_affected":"5.13.0"},{"introduced":"0"},{"last_affected":"5.13.1"}]}}],"versions":["activemq-5.1.0","activemq-5.10.0","activemq-5.10.1","activemq-5.10.2","activemq-5.11.0","activemq-5.11.1","activemq-5.11.2","activemq-5.11.3","activemq-5.12.0","activemq-5.12.1","activemq-5.12.2","activemq-5.13.0","activemq-5.13.1","activemq-5.2.0","activemq-5.3.0","activemq-5.3.1","activemq-5.4.0","activemq-5.4.1","activemq-5.4.2","activemq-5.4.3","activemq-5.5.0","activemq-5.6.0","activemq-5.7.0","activemq-5.8.0","activemq-5.9.0","activemq-5.9.1","activemq-parent-5.3.2","activemq-parent-5.5.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-0782.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}