Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the management web UI in the RabbitMQ management plugin before 3.4.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) message details when a message is unqueued, such as headers or arguments; (2) policy names, which are not properly handled when viewing policies; (3) details for AMQP network clients, such as the version; allow remote authenticated administrators to inject arbitrary web script or HTML via (4) user names, (5) the cluster name; or allow RabbitMQ cluster administrators to (6) modify unspecified content.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pivotal Software RabbitMQ management插件跨站脚本漏洞
Vulnerability Description
Pivotal Software RabbitMQ是美国Pivotal Software公司的一套实现了高级消息队列协议(AMQP)的开源消息代理软件。RabbitMQ management是其中的一个管理插件。 Pivotal Software RabbitMQ management插件3.4.3之前版本的management web UI中存在跨站脚本漏洞。远程攻击者可借助消息详情、策略名称和AMQP网络客户端详情利用该漏洞以用户权限注入任意Web脚本或HTML;借助用户名和群组名利用该漏洞以管理员权
CVSS Information
N/A
Vulnerability Type
N/A