CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

559 matches found

CNVD•added 2020/09/03 12:0 a.m.•3 views

Ignite Realtime Openfire Cross-Site Scripting Vulnerability (CNVD-2020-50965)

Ignite Realtime Openfire is a real-time collaboration RTC server licensed under the open source Apache license. Ignite Realtime Openfire 4.5.1 suffers from a stored cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary malicious URLs...

6.1CVSS6.6AI score0.0062EPSS

Exploits1References1

CNVD•added 2020/09/03 12:0 a.m.•6 views

Ignite Realtime Openfire Cross-Site Scripting Vulnerability (CNVD-2020-50966)

Ignite Realtime Openfire is a real-time collaboration RTC server licensed under the open source Apache license. A cross-site scripting vulnerability exists in Ignite Realtime Openfire 4.5.1, which can be exploited by an attacker via the "searchName", "searchValue", " searchDescription",...

6.1CVSS6.7AI score0.01012EPSS

Exploits1References1

CNVD•added 2020/09/03 12:0 a.m.•3 views

Ignite Realtime Openfire Cross-Site Scripting Vulnerability (CNVD-2020-50967)

Ignite Realtime Openfire is a real-time collaboration RTC server licensed under the open source Apache license. Ignite Realtime Openfire 4.5.1 suffers from a cross-site scripting vulnerability that can be exploited by an attacker via "searchName", "searchValue", " searchDescription",...

6.1CVSS6.3AI score0.01169EPSS

Exploits1References1

NVD•added 2020/09/02 3:15 p.m.•18 views

CVE-2020-24602

Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameter searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescription" and...

6.1CVSS6.4AI score0.01012EPSS

Exploits1References2

NVD•added 2020/09/02 3:15 p.m.•22 views

CVE-2020-24604

A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescriptio...

6.1CVSS6AI score0.01169EPSS

Exploits1References2

OSV•added 2020/09/02 3:15 p.m.•19 views

CVE-2020-24604

6.1CVSS5.9AI score0.01169EPSS

Exploits1References2

OSV•added 2020/09/02 3:15 p.m.•22 views

CVE-2020-24601

In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page...

6.1CVSS6.9AI score0.0062EPSS

Exploits1References2

OSV•added 2020/09/02 3:15 p.m.•16 views

CVE-2020-24602

6.1CVSS6.9AI score0.01012EPSS

Exploits1References2

ATTACKERKB•added 2020/09/02 3:15 p.m.•3 views

CVE-2020-24604

6.1CVSS5.6AI score0.01169EPSS

Exploits1References3

ATTACKERKB•added 2020/09/02 3:15 p.m.•3 views

CVE-2020-24602

6.1CVSS5.8AI score0.01012EPSS

Exploits1References3

Prion•added 2020/09/02 3:15 p.m.•16 views

Cross site scripting

4.3CVSS6.3AI score0.01012EPSS

Exploits1References2Affected Software1

ATTACKERKB•added 2020/09/02 3:15 p.m.•2 views

CVE-2020-24601

6.1CVSS5.7AI score0.0062EPSS

Exploits1References3

Prion•added 2020/09/02 3:15 p.m.•14 views

Cross site scripting

4.3CVSS6.3AI score0.0062EPSS

Exploits1References2Affected Software1

Prion•added 2020/09/02 3:15 p.m.•11 views

Cross site scripting

4.3CVSS6AI score0.01169EPSS

Exploits1References2Affected Software1

Cvelist•added 2020/09/02 2:41 p.m.•25 views

CVE-2020-24601

6.2AI score0.0062EPSS

Exploits1References2

CVE•added 2020/09/02 2:41 p.m.•65 views

CVE-2020-24601

CVE-2020-24601 affects Ignite Realtime Openfire 4.5.1. A stored cross-site scripting vulnerability exists where a POST parameter in the import certificate trusted page (searchName, alias) can be used to execute an arbitrary malicious URL. The connected PT-2020-15761 advisory notes there is no inf...

6.1CVSS6.2AI score0.0062EPSS

Exploits1References2Affected Software1

CVE•added 2020/09/02 2:40 p.m.•39 views

CVE-2020-24604

CVE-2020-24604 describes a reflected XSS in Ignite Realtime Openfire 4.5.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML via GET parameters in the pages server-properties.jsp and security-audit-viewer.jsp (parameters include searchName, searchValue, searchDescr...

6.1CVSS5.9AI score0.01169EPSS

Exploits1References2Affected Software1

Cvelist•added 2020/09/02 2:40 p.m.•28 views

CVE-2020-24604

6AI score0.01169EPSS

Exploits1References2

Cvelist•added 2020/09/02 2:37 p.m.•27 views

CVE-2020-24602

6.3AI score0.01012EPSS

Exploits1References2

CVE•added 2020/09/02 2:37 p.m.•47 views

CVE-2020-24602

Openfire 4.5.1 is affected by a reflected XSS in the Server Properties and Security Audit Viewer JSP page. The vulnerability allows an attacker to trigger arbitrary URL execution by manipulating the vulnerable GET parameters: searchName, searchValue, searchDescription, searchDefaultValue, searchP...

6.1CVSS6.3AI score0.01012EPSS

Exploits1References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by