{"id":"CVE-2017-4965","details":"An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.","modified":"2026-03-14T09:26:31.229685Z","published":"2017-06-13T06:29:00.457Z","related":["SUSE-RU-2020:2072-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/98394"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"},{"type":"ADVISORY","url":"https://pivotal.io/security/cve-2017-4965"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rabbitmq/rabbitmq-server","events":[{"introduced":"0"},{"last_affected":"5aa9a3cec69e052fdf94fdb48cb831d01102a8e3"},{"introduced":"0"},{"last_affected":"e0c614a20c07df4853007a0a680da0391ef59f48"},{"introduced":"0"},{"last_affected":"90ea9de79665755123de9113da302884c207a16b"},{"introduced":"0"},{"last_affected":"d4a164c09e87f323efc1784b6d27ec5c1d39ab63"},{"introduced":"0"},{"last_affected":"d58371273e0d48dd11d2678479d10da8121b8c2f"},{"introduced":"0"},{"last_affected":"578cfc1916a4b6a8202b2f4698e35eb76942f061"},{"introduced":"0"},{"last_affected":"4fdd61b9c68b911b7d8c35bed385fb2167f173fa"},{"introduced":"0"},{"last_affected":"b5cc6a04168cf40241788e1dad0938ff7ae3ffe9"},{"introduced":"0"},{"last_affected":"f04d53ff82e04891ef6121e43a8cd40a60bfed1b"},{"introduced":"0"},{"last_affected":"1ea3cacdc04134cc3cb91652e54a64ba476658b6"},{"introduced":"0"},{"last_affected":"f3798d4b86a5b7edd6d9c30e20b169d666c7e511"},{"introduced":"0"},{"last_affected":"b877b98462adef4aa108033815cc6a7d6e4f2976"},{"introduced":"0"},{"last_affected":"3136aa25752542dfdbc7af3f77d8a66eb8d5d844"},{"introduced":"0"},{"last_affected":"61a5fd3950a5b34f596c48214c9299c7f4d4d582"},{"introduced":"0"},{"last_affected":"3d478460a3d9a94160e89ee82b85eb15ec5102a1"},{"introduced":"0"},{"last_affected":"9c33c701fa496826b53a7a387da3b5e4beaa6e87"},{"introduced":"0"},{"last_affected":"02146c99661fa0ff066387ec1b4648361cdda28e"},{"introduced":"0"},{"last_affected":"b6a3aa477156036c129d04a82c90ad916bc3865e"},{"introduced":"0"},{"last_affected":"40fc150ff49a95e771166da9cf14050d5bc95729"},{"introduced":"0"},{"last_affected":"ea4e59ee3018bd2824b003ac8f9db3e59c9d3413"},{"introduced":"0"},{"last_affected":"3be6cd4bb31f4a7a99fe1e5cd4652766a08c3c40"},{"introduced":"0"},{"last_affected":"c00f44b52027b358996192e05fa507cc4bf404b7"},{"introduced":"0"},{"last_affected":"90103f770d38fac6282c49890be7d96e394f8ec7"},{"introduced":"0"},{"last_affected":"5acfba7103efd4dc8e48e39c740f3ab1969bbfad"},{"introduced":"0"},{"last_affected":"cee628003601efa6ffd67088c78c8c58ccc97f4c"},{"introduced":"0"},{"last_affected":"10d1421c0d985f96facc33182631852c8454544d"},{"introduced":"0"},{"last_affected":"c5068a8d77491ae96fa8b25436548ebcc0a9db08"},{"introduced":"0"},{"last_affected":"1db54c1fa3ed00f756c9779d778b64db139108fd"},{"introduced":"0"},{"last_affected":"ca4368bc0a353afbf0a8cfd602003960381556d3"},{"introduced":"0"},{"last_affected":"758c952bf09cb933955a97c90271bfa80ea7c366"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.4.0"},{"introduced":"0"},{"last_affected":"3.4.1"},{"introduced":"0"},{"last_affected":"3.4.2"},{"introduced":"0"},{"last_affected":"3.4.3"},{"introduced":"0"},{"last_affected":"3.4.4"},{"introduced":"0"},{"last_affected":"3.5.0"},{"introduced":"0"},{"last_affected":"3.5.1"},{"introduced":"0"},{"last_affected":"3.5.2"},{"introduced":"0"},{"last_affected":"3.5.3"},{"introduced":"0"},{"last_affected":"3.5.6"},{"introduced":"0"},{"last_affected":"3.6.7"},{"introduced":"0"},{"last_affected":"3.5.4"},{"introduced":"0"},{"last_affected":"3.5.5"},{"introduced":"0"},{"last_affected":"3.5.7"},{"introduced":"0"},{"last_affected":"3.6.0"},{"introduced":"0"},{"last_affected":"3.6.1"},{"introduced":"0"},{"last_affected":"3.6.2"},{"introduced":"0"},{"last_affected":"3.6.3"},{"introduced":"0"},{"last_affected":"3.6.4"},{"introduced":"0"},{"last_affected":"3.6.5"},{"introduced":"0"},{"last_affected":"3.6.6"},{"introduced":"0"},{"last_affected":"1.5.0"},{"introduced":"0"},{"last_affected":"1.5.1"},{"introduced":"0"},{"last_affected":"1.5.2"},{"introduced":"0"},{"last_affected":"1.5.3"},{"introduced":"0"},{"last_affected":"1.5.4"},{"introduced":"0"},{"last_affected":"1.5.5"},{"introduced":"0"},{"last_affected":"1.6.0"},{"introduced":"0"},{"last_affected":"1.7.0"},{"introduced":"0"},{"last_affected":"1.7.2"}]}}],"versions":["6547461e6c2e","Aman-06-09-08","Aman-06-09-08_2","rabbitmq_v1_4_0","rabbitmq_v1_5_0","rabbitmq_v1_5_1","rabbitmq_v1_5_2","rabbitmq_v1_5_3","rabbitmq_v1_5_4","rabbitmq_v1_5_5","rabbitmq_v1_6_0","rabbitmq_v1_7_0","rabbitmq_v1_7_1","rabbitmq_v1_7_2","rabbitmq_v1_8_0","rabbitmq_v1_8_1","rabbitmq_v2.6.0","rabbitmq_v2_0_0","rabbitmq_v2_1_0","rabbitmq_v2_1_1","rabbitmq_v2_2_0","rabbitmq_v2_3_0","rabbitmq_v2_3_1","rabbitmq_v2_4_0","rabbitmq_v2_4_1","rabbitmq_v2_5_0","rabbitmq_v2_5_1","rabbitmq_v2_6_0","rabbitmq_v2_6_1","rabbitmq_v2_7_0","rabbitmq_v2_7_1","rabbitmq_v2_8_0","rabbitmq_v2_8_1","rabbitmq_v2_8_2","rabbitmq_v3_0_0","rabbitmq_v3_0_1","rabbitmq_v3_0_2","rabbitmq_v3_0_3","rabbitmq_v3_0_4","rabbitmq_v3_1_0","rabbitmq_v3_1_1","rabbitmq_v3_1_2","rabbitmq_v3_1_3","rabbitmq_v3_1_4","rabbitmq_v3_1_5","rabbitmq_v3_2_0","rabbitmq_v3_2_1","rabbitmq_v3_2_2","rabbitmq_v3_2_3","rabbitmq_v3_2_4","rabbitmq_v3_3_0","rabbitmq_v3_3_1","rabbitmq_v3_3_2","rabbitmq_v3_3_3","rabbitmq_v3_3_4","rabbitmq_v3_3_5","rabbitmq_v3_4_0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-4965.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.5.6"}]},{"events":[{"introduced":"0"},{"last_affected":"1.5.7"}]},{"events":[{"introduced":"0"},{"last_affected":"1.5.8"}]},{"events":[{"introduced":"0"},{"last_affected":"1.5.9"}]},{"events":[{"introduced":"0"},{"last_affected":"1.5.10"}]},{"events":[{"introduced":"0"},{"last_affected":"1.5.11"}]},{"events":[{"introduced":"0"},{"last_affected":"1.5.12"}]},{"events":[{"introduced":"0"},{"last_affected":"1.5.13"}]},{"events":[{"introduced":"0"},{"last_affected":"1.5.14"}]},{"events":[{"introduced":"0"},{"last_affected":"1.5.15"}]},{"events":[{"introduced":"0"},{"last_affected":"1.5.17"}]},{"events":[{"introduced":"0"},{"last_affected":"1.5.18"}]},{"events":[{"introduced":"0"},{"last_affected":"1.5.19"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.2"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.3"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.4"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.5"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.6"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.7"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.8"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.9"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.10"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.12"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.13"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.14"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.15"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.16"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.5"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.7"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.8"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.9"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.10"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.13"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.14"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}