559 matches found
CVE-2020-35201
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS...
CVE-2020-35202
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS...
CVE-2020-35200
Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS...
CVE-2020-35201
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS...
CVE-2020-35202
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS...
CVE-2020-35199
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS...
CVE-2020-35199
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS...
Cross site scripting
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS...
Cross site scripting
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS...
Cross site scripting
Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS...
Cross site scripting
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS...
CVE-2020-35199
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS...
CVE-2020-35199
Openfire 4.6.0 from Ignite Realtime contains a Stored XSS in create-bookmark.jsp with the groupchatJID parameter. Descriptions across sources indicate exploitation could enable credential theft (stored XSS risk). No official patch/version is specified in the provided documents. Some advisories su...
CVE-2020-35200
CVE-2020-35200 affects Ignite Realtime Openfire 4.6.0, specifically the plugin file plugins/clientcontrol/spark-form.jsp, with a Reflective XSS flaw. The connected sources confirm the vulnerability in this exact component and version; exploitation status or in-the-wild details are not provided. M...
CVE-2020-35200
Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS...
CVE-2020-35202
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS...
CVE-2020-35202
CVE-2020-35202 affects Ignite Realtime Openfire 4.6.0, with a Stored XSS vulnerability in the db-access.jsp file of the dbaccess plugin. The issue is triggered through SQL handling in that component, enabling script injection under the described conditions. Connected sources corroborate Openfire ...
CVE-2020-35201
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS...
CVE-2020-35201
CVE-2020-35201 affects Ignite Realtime Openfire 4.6.0, with a Stored XSS in the create-bookmark.jsp page affecting users. The connected documents confirm the affected product/version and the vulnerability class; no concrete patch/version fix is stated. An exploit-db entry is linked, suggesting ex...
Ignite Realtime Openfire Cross-Site Scripting Vulnerability
Ignite Realtime Openfire is a cross-platform open source Real-Time Collaboration RTC server developed in Java and based on XMPP formerly known as Jabber, Instant Messaging Protocol from the Ignite Realtime community, which is capable of building highly efficient instant messaging servers and...