1

CVE-2010-0684

-

There was a persistent cross-site scripting (XSS) vulnerability in Apache ActiveMQ console that could be triggered by an anonymous user. The stored XSS issues tend to be worse that reflected ones because they necessarily do not need any social engineering. Especially, in cases where an anonymous user can inject the payloads.
The link to the advisory is here.
Update April 8, 2010:
It turns out that there were many more variables vulnerable to the XSS attacks and not all the issues had been fixed. Dejan Bosanac (the ActiveMQ developer) has now put in more fixes to close out the issue.

1

CVE-2007-3101

-

I finally got a candidate on the Common Vulnerabilities & Exposures (CVE) list. Apache Tomahawk also released a critical security update due to my disclosure to iDefense. In case, people are wondering I did not get any money for the disclosure to iDefense. It was just a case of responsible disclosure.
The advisory can be found at:
http://seclists.org/fulldisclosure/2007/Jun/0305.html.