activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Javier Godinez <>
Subject XSS in Web interface
Date Tue, 05 Apr 2011 16:10:29 GMT
ActiveMQ Developers,

A quick question regarding cross-site script vulnerabilities in the web
interface. Is the Web interface intended to be accessible during production,
or is that simply used during development? If it is intended to be used in
production, is there a reason for the lack of input filtering (html) in
places such as the /camel/endpoints (uri field). I am tasked with assessing
the security of an ActiveMQ deployment, are there any best practices
guidelines that you could link me to?


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message