Lucene search
+L

260 matches found

Github Security Blog
Github Security Blog
added 2022/05/24 4:59 p.m.24 views

Ignite Realtime Openfire vulnerable to Server Side Request Forgery

A Server Side Request Forgery SSRF vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests. The issue is fixed in version 4.5.0-beta...

9.8CVSS4.4AI score0.32304EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 4:44 a.m.26 views

Ignite Realtime Openfire vulnerable to XMPPbomb attack

nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack...

7.8CVSS6.6AI score0.03774EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2022/05/17 4:44 a.m.23 views

GHSA-J5QH-CP3P-2H87 Ignite Realtime Openfire vulnerable to XMPPbomb attack

nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack...

8.7CVSS6.1AI score0.03774EPSS
Exploits0References9
OSV
OSV
added 2022/05/17 12:23 a.m.47 views

GHSA-V3H2-4J2R-WQJ8 Ignite Realtime Openfire Server has Cross-site Scripting vulnerability in admin console

The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protection...

4.8CVSS5.6AI score0.00728EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/14 12:57 a.m.30 views

Ignite Realtime Openfire vulnerable to cross-site scripting

Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,...

6.1CVSS2.1AI score0.0242EPSS
Exploits2References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/02 3:26 a.m.27 views

Ignite Realtime Openfire Allows Users to Change Passwords of Arbitrary Accounts

The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwdchange action...

4CVSS6.5AI score0.02228EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2022/05/02 3:26 a.m.20 views

GHSA-R62W-X9PP-JRQP Ignite Realtime Openfire Allows Users to Change Passwords of Arbitrary Accounts

The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwdchange action...

4CVSS6.1AI score0.02228EPSS
Exploits1References8
OSV
OSV
added 2022/05/01 11:42 p.m.26 views

GHSA-X337-43MR-GG3H Ignite Realtime Openfire allows remote authenticated users to cause a denial of service

ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote authenticated users to cause a denial of service daemon outage by triggering large outgoing queues without reading messages...

4CVSS5.8AI score0.01657EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2022/05/01 11:42 p.m.27 views

Ignite Realtime Openfire allows remote authenticated users to cause a denial of service

ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote authenticated users to cause a denial of service daemon outage by triggering large outgoing queues without reading messages...

4CVSS6.7AI score0.01657EPSS
Exploits0References12Affected Software2
OpenVAS
OpenVAS
added 2021/02/01 12:0 a.m.43 views

'//WEB-INF/' Information Disclosure Vulnerability (HTTP)

Various application or web servers / products are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

5CVSS7.4AI score0.08179EPSS
Exploits0References5
CNVD
CNVD
added 2020/12/14 12:0 a.m.7 views

Ignite Realtime Openfire Cross-Site Scripting Vulnerability (CNVD-2021-09925)

Ignite Realtime Openfire is a real-time collaboration RTC server licensed under the open source Apache license. Ignite Realtime Openfire 4.6.0 suffers from a create-bookmark.jsp groupchatJID stored cross-site scripting vulnerability. An attacker can exploit this vulnerability to steal sensitive...

5.4CVSS5.6AI score0.0061EPSS
Exploits1References1
NVD
NVD
added 2020/12/12 6:15 p.m.21 views

CVE-2020-35201

Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS...

5.4CVSS5.5AI score0.00731EPSS
Exploits1References1
NVD
NVD
added 2020/12/12 6:15 p.m.24 views

CVE-2020-35200

Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS...

6.1CVSS6.3AI score0.00902EPSS
Exploits1References1
NVD
NVD
added 2020/12/12 6:15 p.m.37 views

CVE-2020-35202

Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS...

5.4CVSS5.5AI score0.00731EPSS
Exploits1References1
OSV
OSV
added 2020/12/12 6:15 p.m.17 views

CVE-2020-35201

Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS...

5.4CVSS6.7AI score
Exploits0References1
OSV
OSV
added 2020/12/12 6:15 p.m.16 views

CVE-2020-35200

Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS...

6.1CVSS6.9AI score
Exploits0References1
OSV
OSV
added 2020/12/12 6:15 p.m.12 views

CVE-2020-35202

Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS...

5.4CVSS6.7AI score
Exploits0References1
NVD
NVD
added 2020/12/12 6:15 p.m.30 views

CVE-2020-35199

Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS...

5.4CVSS5.5AI score0.0061EPSS
Exploits1References1
OSV
OSV
added 2020/12/12 6:15 p.m.15 views

CVE-2020-35199

Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS...

5.4CVSS6.7AI score
Exploits0References1
Prion
Prion
added 2020/12/12 6:15 p.m.18 views

Cross site scripting

Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS...

3.5CVSS5.6AI score0.00731EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder