Apache · Apache ActiveMQ · CVE-2026-41043
**Name of the Vulnerable Software and Affected Versions**
Apache ActiveMQ versions prior to 5.19.6
Apache ActiveMQ versions 6.0.0 through 6.2.4
Apache ActiveMQ Web versions prior to 5.19.6
Apache ActiveMQ Web versions 6.0.0 through 6.2.4
**Description**
An authenticated attacker can cause malicious content to be displayed when queues are browsed in the web console. The attacker overrides the content type to HTML instead of XML and injects HTML into a JMS selector field, which results in Cross-Site Scripting (XSS). XSS occurs when an application includes untrusted data in a web page without proper validation or escaping.
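The two conditions named in the description, a caller-chosen content type and a selector echoed without escaping, are shown below next to a hardened form. This is an added example and a simplified model, not ActiveMQ code; the function names, the feed layout and the sample selector are assumptions.

```python
# Added example: simplified model of a queue-browse feed renderer.
# Not ActiveMQ code; all names and the feed layout are assumptions.
from xml.sax.saxutils import escape

XML_TYPE = "application/xml; charset=utf-8"


def render_unsafe(selector, requested_type):
    """Models the flaw: the caller picks the content type and the
    selector is echoed into the document without escaping."""
    headers = {"Content-Type": requested_type or XML_TYPE}
    body = "<feed><selector>" + selector + "</selector></feed>"
    return headers, body


def render_hardened(selector, requested_type=None):
    """The content type is fixed server-side and the selector is
    XML-escaped before it is written into the document."""
    # requested_type is deliberately ignored: the feed is always XML.
    headers = {
        "Content-Type": XML_TYPE,
        # Tell browsers not to re-guess the type from the body.
        "X-Content-Type-Options": "nosniff",
    }
    # escape() handles &, < and >; quotes are added for attribute safety.
    safe = escape(selector, {'"': "&quot;", "'": "&apos;"})
    body = "<feed><selector>" + safe + "</selector></feed>"
    return headers, body


# Constructed sample input: a selector carrying harmless markup.
SAMPLE_SELECTOR = "JMSPriority > 4 AND note = '<b>x</b>'"

if __name__ == "__main__":
    for fn in (render_unsafe, render_hardened):
        headers, body = fn(SAMPLE_SELECTOR, "text/html")
        print(fn.__name__, headers["Content-Type"], body)
```

In the hardened form the selector still round-trips through an XML parser unchanged, so escaping does not alter what a legitimate feed consumer reads.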
**Recommendations**
Upgrade to version 5.19.6.
Upgrade to version 6.2.5.