Cross-site scripting in RabbitMQ - #VU134804

 

Published: June 18, 2026


Vulnerability identifier: #VU134804
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-79
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: VMware, Inc
Affected software:
RabbitMQ

Detailed vulnerability description

The vulnerability allows a remote user to execute arbitrary JavaScript in the victim's browser.

The vulnerability is a cross-site scripting flaw in the federation status page of the rabbitmq_federation_management plugin, which renders the consumer_tag value without sanitization. A remote user can configure a malicious federation upstream or policy to execute arbitrary JavaScript in the victim's browser.

Exploitation requires user interaction: an administrator or monitoring user must open the Federation Status page.
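
The flaw class described above, as an added example that is not RabbitMQ's code or the vendor's fix: a status row built by string concatenation beside the same row with output encoding, plus a check that flags consumer tags containing markup characters. The object fields `upstream` and `consumer_tag`, the function names and the sample data are assumptions made for illustration.

```javascript
// Added example, not RabbitMQ source. Field and function names are assumed.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode a value for an HTML text node or a quoted attribute value.
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: a broker-supplied string is concatenated into markup,
// so any tags inside consumer_tag become part of the page.
function renderRowUnsafe(link) {
  return '<tr><td>' + link.upstream + '</td><td>' +
    link.consumer_tag + '</td></tr>';
}

// Hardened pattern: every broker-supplied field is encoded at the sink.
function renderRowSafe(link) {
  return '<tr><td>' + escapeHtml(link.upstream) + '</td><td>' +
    escapeHtml(link.consumer_tag) + '</td></tr>';
}

// Defensive audit: list upstreams whose consumer_tag contains markup
// metacharacters, which an ordinary tag has no reason to carry.
function findSuspiciousTags(links) {
  return links
    .filter((l) => /[<>"'&]/.test(String(l.consumer_tag ?? '')))
    .map((l) => l.upstream);
}

// Constructed sample data (benign markup only).
const sampleLinks = [
  { upstream: 'dc-east', consumer_tag: 'federation-link-dc-east' },
  { upstream: 'dc-west', consumer_tag: '<i>injected</i>' },
];

console.log(renderRowUnsafe(sampleLinks[1])); // markup survives intact
console.log(renderRowSafe(sampleLinks[1]));   // markup shown as text
console.log(findSuspiciousTags(sampleLinks)); // upstreams to review
```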


Remediation

Install the security update from the vendor's website.
