HTML injection is a type of injection vulnerability that occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable web page. This vulnerability can have many consequences, like disclosure of a user’s session cookies that could be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content seen by the victims. This vulnerability occurs when user input is not correctly sanitized and the output is not encoded. An injection allows the attacker to send a malicious HTML page to a victim. The targeted browser will not be able to distinguish (trust) legitimate parts from malicious parts of the page, and consequently will parse and execute the whole page in the victim’s context.
This issue has been addressed in the following products: Red Hat AMQ 7.8.7 Via RHSA-2022:6292 https://access.redhat.com/errata/RHSA-2022:6292
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-35278
This issue has been addressed in the following products: AMQ Broker 7.10.1 Via RHSA-2022:6916 https://access.redhat.com/errata/RHSA-2022:6916