
559 matches found

Positive Technologies
added 2020/12/12 12:0 a.m. · 4 views

PT-2020-17290 · Ignite Realtime · Ignite Realtime Openfire

Name of the Vulnerable Software and Affected Versions: Ignite Realtime Openfire version 4.6.0 Description: The issue is related to a Stored XSS in the create-bookmark.jsp file, affecting users. Recommendations: For Ignite Realtime Openfire version 4.6.0, consider restricting access to the...

CVSS 5.4 · AI score 5.1 · EPSS 0.00731
Exploits 1 · References 6

CNNVD
added 2020/12/12 12:0 a.m. · 7 views

Ignite Realtime Openfire Cross-Site Scripting Vulnerability

Ignite Realtime Openfire is a cross-platform open source Real-Time Collaboration (RTC) server developed by the Ignite Realtime community in Java and based on XMPP (formerly known as Jabber, Instant Messaging Protocol), which is capable of building efficient instant messaging servers and supporting te...

CVSS 5.4 · AI score 5.9 · EPSS 0.00731
Exploits 1 · References 3

Positive Technologies
added 2020/12/12 12:0 a.m. · 5 views

PT-2020-17288 · Ignite Realtime · Openfire

Name of the Vulnerable Software and Affected Versions: Ignite Realtime Openfire version 4.6.0 Description: The issue is related to a Stored XSS in the create-bookmark.jsp file, specifically with the groupchatJID parameter. This allows for potential malicious script execution. Recommendations: For...

CVSS 5.4 · AI score 5.1 · EPSS 0.0061
Exploits 1 · References 6

Positive Technologies
added 2020/12/12 12:0 a.m. · 4 views

PT-2020-17289 · Ignite Realtime · Openfire

Name of the Vulnerable Software and Affected Versions: Ignite Realtime Openfire version 4.6.0 Description: The issue is related to a Reflective XSS in the plugins/clientcontrol/spark-form.jsp file. Recommendations: For Ignite Realtime Openfire version 4.6.0, consider restricting access to the...

CVSS 6.1 · AI score 5.9 · EPSS 0.00902
Exploits 1 · References 5

CNNVD
added 2020/12/12 12:0 a.m. · 5 views

Ignite Realtime Openfire Cross-Site Scripting Vulnerability

Ignite Realtime Openfire is a real-time collaboration (RTC) server licensed under the open source Apache license. Ignite Realtime Openfire 4.6.0 suffers from a create-bookmark.jsp groupchatJID stored cross-site scripting vulnerability. An attacker can exploit this vulnerability to steal sensitive...

CVSS 5.4 · AI score 5.9 · EPSS 0.0061
Exploits 1 · References 3

CNNVD
added 2020/12/12 12:0 a.m. · 5 views

Ignite Realtime Openfire Cross-Site Scripting Vulnerability

Ignite Realtime Openfire is a cross-platform open source Real-Time Collaboration (RTC) server developed by the Ignite Realtime community in Java and based on XMPP (formerly known as Jabber, Instant Messaging Protocol), which is capable of building efficient instant messaging servers and supporting te...

CVSS 6.1 · AI score 6.2 · EPSS 0.00902
Exploits 1 · References 3

Positive Technologies
added 2020/12/12 12:0 a.m. · 7 views

PT-2020-17291 · Ignite Realtime · Openfire

Name of the Vulnerable Software and Affected Versions: Ignite Realtime Openfire version 4.6.0 Description: The issue is related to a sql Stored XSS in the db-access.jsp file within the dbaccess plugin. Recommendations: For Ignite Realtime Openfire version 4.6.0, consider restricting access to the...

CVSS 5.4 · AI score 5.1 · EPSS 0.00731
Exploits 1 · References 6

NVD
added 2020/12/11 5:15 a.m. · 13 views

CVE-2020-35127

Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS...

CVSS 5.4 · AI score 5.5 · EPSS 0.00566
Exploits 1 · References 1

OSV
added 2020/12/11 5:15 a.m. · 16 views

CVE-2020-35127

Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS...

CVSS 5.4 · AI score 6.7
Exploits 0 · References 1

Prion
added 2020/12/11 5:15 a.m. · 16 views

Cross site scripting

Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS...

CVSS 3.5 · AI score 5.6 · EPSS 0.00566
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2020/12/11 4:5 a.m. · 20 views

CVE-2020-35127

Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS...

AI score 5.6 · EPSS 0.00566
Exploits 1 · References 1

CVE
added 2020/12/11 4:5 a.m. · 76 views

CVE-2020-35127

CVE-2020-35127 affects Ignite Realtime Openfire 4.6.0 with a stored XSS in the bookmarks plugin, specifically in create-bookmark.jsp. The vulnerability arises from the bookmarks/create-bookmark.jsp handling potentially unsanitized input, enabling an attacker to inject scripts that may execute in ...

CVSS 5.4 · AI score 5.6 · EPSS 0.00566
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2020/12/11 12:0 a.m. · 5 views

PT-2020-17262 · Ignite Realtime · Openfire

Name of the Vulnerable Software and Affected Versions: Ignite Realtime Openfire version 4.6.0 Description: The issue is related to a Stored XSS in the create-bookmark.jsp file within the bookmarks plugin. Recommendations: For Ignite Realtime Openfire version 4.6.0, consider restricting access to...

CVSS 5.4 · AI score 5.1 · EPSS 0.00566
Exploits 1 · References 11

CNNVD
added 2020/12/11 12:0 a.m. · 6 views

Ignite Realtime Openfire Cross-Site Scripting Vulnerability

Ignite Realtime Openfire is a cross-platform open source Real-Time Collaboration (RTC) server developed by the Ignite Realtime community in Java and based on XMPP (formerly known as Jabber, the Instant Messaging Protocol), which is capable of building efficient instant messaging servers and supportin...

CVSS 5.4 · AI score 5.9 · EPSS 0.00566
Exploits 1 · References 3

Exploit DB
added 2020/12/11 12:0 a.m. · 847 views

Openfire 4.6.0 - 'users' Stored XSS

Exploit Title: Openfire 4.6.0 - 'users' Stored XSS Date: 2020/12/11 Exploit Author: j5s Vendor Homepage: https://github.com/igniterealtime/Openfire Software Link: https://www.igniterealtime.org/downloads/ Version: 4.6.0 POST /plugins/bookmarks/create-bookmark.jsp HTTP/1.1 Host: 192.168.137.137:90...

AI score 7.4
Exploits 0

Exploit DB
added 2020/12/11 12:0 a.m. · 821 views

Openfire 4.6.0 - 'sql' Stored XSS

Exploit Title: Openfire 4.6.0 - 'sql' Stored XSS Date: 20201211 Exploit Author: j5s Vendor Homepage: https://github.com/igniterealtime/Openfire Software Link: https://www.igniterealtime.org/downloads/ Version: 4.6.0 POST /plugins/dbaccess/db-access.jsp HTTP/1.1 Host: 192.168.137.137:9090...

AI score 7.4
Exploits 0

Exploit DB
added 2020/12/11 12:0 a.m. · 874 views

Openfire 4.6.0 - 'groupchatJID' Stored XSS

Exploit Title: Openfire 4.6.0 - 'groupchatJID' Stored XSS Date: 2020/12/11 Exploit Author: j5s Vendor Homepage: https://github.com/igniterealtime/Openfire Software Link: https://www.igniterealtime.org/downloads/ Version: 4.6.0 POST /plugins/bookmarks/create-bookmark.jsp HTTP/1.1 Host:...

AI score 7.4
Exploits 0

Packet Storm
added 2020/12/10 12:0 a.m. · 602 views

Openfire 4.6.0 Cross Site Scripting

Exploit Title: Openfire 4.6.0 - 'path' Stored XSS Date: 20201209 Exploit Author: j5s Vendor Homepage: https://github.com/igniterealtime/Openfire Software Link: https://www.igniterealtime.org/downloads/ Version: 4.6.0 POST /plugins/nodejs/nodejs.jsp HTTP/1.1 Host: 192.168.137.137:9090 User-Agent:...

AI score 7.4
Exploits 0

Exploit DB
added 2020/12/10 12:0 a.m. · 654 views

Openfire 4.6.0 - 'path' Stored XSS

Exploit Title: Openfire 4.6.0 - 'path' Stored XSS Date: 20201209 Exploit Author: j5s Vendor Homepage: https://github.com/igniterealtime/Openfire Software Link: https://www.igniterealtime.org/downloads/ Version: 4.6.0 POST /plugins/nodejs/nodejs.jsp HTTP/1.1 Host: 192.168.137.137:9090 User-Agent:...

AI score 7.4
Exploits 0

OpenVAS
added 2020/09/07 12:0 a.m. · 14 views

Openfire < 4.5.2 Multiple XSS Vulnerabilities

Openfire is prone to multiple cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.1 · AI score 6.1 · EPSS 0.01169
Exploits 3 · References 1