{
  "threat_severity" : "Important",
  "public_date" : "2022-08-18T00:00:00Z",
  "bugzilla" : {
    "description" : "activemq-artemis: AMQ Broker web console HTML Injection",
    "id" : "2109805",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2109805"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-74",
  "details" : [ "In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.", "A security vulnerability was found in ActiveMQ Artemis. This flaw allows an attacker to show malicious content and redirect users to a malicious URL in the web console by using HTML in the name of an address or queue." ],
  "affected_release" : [ {
    "product_name" : "AMQ Broker 7.10.1",
    "release_date" : "2022-10-12T00:00:00Z",
    "advisory" : "RHSA-2022:6916",
    "cpe" : "cpe:/a:redhat:amq_broker:7",
    "package" : "artemis-plugin"
  }, {
    "product_name" : "Red Hat AMQ 7.8.7",
    "release_date" : "2022-09-01T00:00:00Z",
    "advisory" : "RHSA-2022:6292",
    "cpe" : "cpe:/a:redhat:amq_broker:7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Fuse 7",
    "fix_state" : "Not affected",
    "package_name" : "artemis-plugin",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-35278\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-35278" ],
  "name" : "CVE-2022-35278",
  "csaw" : false
}