Description
Multiple vulnerabilities have been reported in RabbitMQ, which can be exploited by malicious people to conduct cross-site scripting attacks.
1) Certain input related to table key names is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which will be included in a response sent to the user.
2) Certain input related to policy names is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which will be included in a response sent to the user.
3) Certain input related to client details in the connections list is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which will be included in a response sent to the user.
4) Certain input related to user names in the vhosts list or the vhost names in the user list is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which will be included in a response sent to the user.
5) Certain input related to cluster name is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which will be included in a response sent to the user.
The vulnerabilities are reported in versions prior to 3.4.3.
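An added example, not part of the advisory or of RabbitMQ's own code: a defender-side audit that flags a broker version prior to 3.4.3 and any user, vhost or policy names (items 2 and 4) containing characters that need escaping when echoed in a response. The input layout (a JSON export with `rabbit_version`, `users`, `vhosts` and `policies` keys) and the sample data are assumptions constructed for the example.

```python
import json
import re

FIXED = (3, 4, 3)  # advisory: versions prior to 3.4.3 are affected

# Characters that matter when a name is echoed back in a response:
# CR/LF can split headers, the rest are HTML metacharacters.
UNSAFE = re.compile(r"[\r\n<>\"'&]")

# Constructed sample; the key names are an assumed export layout.
SAMPLE = json.loads(r'''
{"rabbit_version": "3.4.2",
 "users":    [{"name": "guest"}, {"name": "ops<b>"}],
 "vhosts":   [{"name": "/"}, {"name": "billing"}],
 "policies": [{"vhost": "/", "name": "ha-all"},
              {"vhost": "/", "name": "ttl\r\nX-Test: 1"}]}
''')


def parse_version(text):
    """'3.4.2' -> (3, 4, 2); a suffix such as '-rc1' is ignored."""
    nums = re.findall(r"\d+", text.split("-")[0])
    return tuple(int(n) for n in nums[:3])


def is_affected(version):
    """True when the version is earlier than the fixed release."""
    return parse_version(version) < FIXED


def audit(defs):
    """Return (kind, value) findings for one parsed export."""
    findings = []
    version = defs.get("rabbit_version", "")
    if version and is_affected(version):
        findings.append(("version", version))
    for kind in ("users", "vhosts", "policies"):
        for item in defs.get(kind, []):
            name = item.get("name", "")
            if UNSAFE.search(name):
                findings.append((kind, name))
    return findings


if __name__ == "__main__":
    for kind, value in audit(SAMPLE):
        print(f"{kind}: {value!r}")
```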