Cross-site scripting in ActiveMQ - CVE-2026-52760
Published: July 1, 2026
ActiveMQ
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary script in an administrator's browser.
The vulnerability exists due to cross-site scripting in the browse page of the ActiveMQ Web Console when rendering a JMS message ID without sanitization. A remote user can send a crafted message with a malicious JMS message ID to execute arbitrary script in an administrator's browser.
User interaction is required when an administrator browses the queue in the Web Console.