CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

558 matches found

RedhatCVE•added 2026/01/09 10:6 a.m.•9 views

CVE-2019-20365

An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page...

6.1CVSS6AI score0.01172EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:6 a.m.•5 views

CVE-2019-20527

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter...

6.1CVSS5.8AI score0.00906EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:49 a.m.•9 views

CVE-2020-24601

In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page...

6.1CVSS6.9AI score0.0062EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:48 a.m.•5 views

CVE-2020-24602

Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameter searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescription" and...

6.1CVSS7.1AI score0.01012EPSS

Exploits1References1

Veracode•added 2025/10/27 5:49 a.m.•5 views

Identity Spoofing

org.igniterealtime.openfire, xmppserver is vulnerable to identity spoofing. The vulnerability is due to regex-based extraction of the Common Name CN from an unescaped, provider-dependent Distinguished Name DN string, which allows an attacker to impersonate other users using crafted certificate...

5.9CVSS6.6AI score0.0022EPSS

Exploits0References7Affected Software1