Lucene search

[email protected]CVE-2015-6972

HistorySep 16, 2015 - 7:59 p.m.

CVE-2015-6972

2015-09-1619:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-6972

cross-site scripting

xss

ignite realtime openfire

security vulnerability

nvd

4.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.166 Low

EPSS

Percentile

96.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName parameter to plugins/clientcontrol/create-bookmark.jsp; the (3) hostname parameter to server-session-details.jsp; or the (4) search parameter to group-summary.jsp.

Affected configurations

NVD

Node

igniterealtimeopenfireMatch3.10.2

CPENameOperatorVersion
igniterealtime:openfireigniterealtime openfireeq3.10.2

CPE	Name	Operator	Version
igniterealtime:openfire	igniterealtime openfire	eq	3.10.2

References

hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt

packetstormsecurity.com/files/133558/Openfire-3.10.2-Cross-Site-Scripting.html

security.gentoo.org/glsa/201612-50

www.exploit-db.com/exploits/38191/

4.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.166 Low

EPSS

Percentile

96.0%

JSON

Related for CVE-2015-6972

checkpoint_advisories2 nvd1 cvelist1 prion1 packetstorm1 nessus1 openvas1 archlinux1 gentoo1