VDB
CVE-2015-0862
CVE-2015-0862
REJECTED
Multiple cross-site scripting (XSS) vulnerabilities in the management web UI in the RabbitMQ management plugin before 3.4.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) message details when a message is unqueued, such as headers or arguments; (2) policy names, which are not properly handled when viewing policies; (3) details for AMQP network clients, such as the version; allow remote authenticated administrators to inject arbitrary web script or HTML via (4) user names, (5) the cluster name; or allow RabbitMQ cluster administrators to (6) modify unspecified content.
EPSS 0.19% · 40.1th percentile
Risk Scores
EPSS Score
0.19%
40.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | rabbitmq-server | 0, 3.5.4-1, 3.5.4-3 |
Exploit Intelligence
Timeline
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2015-0862 third-party-advisory
- http://www.rabbitmq.com/news.html#2015-01-08T10:14:05+0100 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2015-0862 third-party-advisory