CVE-2014-9649 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2014-9649 Interim 1 5 2022-09-19T00:17:16Z current 2021-05-30T13:24:57Z 2022-09-19T00:17:16Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2014-9649 Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Cloud 5 rabbitmq-server rabbitmq-server as a component of SUSE Cloud 5 Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message. CVE-2014-9649 SUSE Cloud 5:rabbitmq-server moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N