559 matches found
PT-2020-15761 · Ignite Realtime · Openfire
Name of the Vulnerable Software and Affected Versions: Openfire version 4.5.1 Description: A Stored Cross-site issue allows an attacker to execute an arbitrary malicious URL via the vulnerable searchName and alias parameters in the import certificate trusted page, specifically through a POST...
PT-2020-15763 · Ignite Realtime · Openfire
Name of the Vulnerable Software and Affected Versions: Ignite Realtime Openfire version 4.5.1 Description: A Reflected XSS issue was discovered, allowing remote attackers to inject arbitrary web script or HTML via the GET request parameters searchName, searchValue, searchDescription,...
PT-2020-15762 · Ignite Realtime · Openfire
Name of the Vulnerable Software and Affected Versions: Ignite Realtime Openfire version 4.5.1 Description: The issue allows an attacker to execute arbitrary malicious code via a reflected Cross-site scripting vulnerability. This is achieved by exploiting the vulnerable GET parameters searchName,...
The vulnerability in the PluginServlet.java function of the Openfire XMPP server allows a hacker to compromise the confidentiality of protected information.
The vulnerability in the PluginServlet.java function of the XMPP server Openfire exists due to an incorrect path limitation for the restricted access directory. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality of the protected information...
Vulnerability of the FaviconServlet.java function in the Openfire XMPP server, allowing attackers to send arbitrary HTTP GET requests
The vulnerability in the FaviconServlet.java function of the Openfire XMPP server is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to send arbitrary HTTP GET requests remotely...
Openfire < 4.4.3 Multiple Vulnerabilities
Openfire is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:igniterealtime:openfire";...
Exploit for Path Traversal in Igniterealtime Openfire
PoC exploit for CVE-2019-18393 and CVE-2019-18394, which are related to MongoDB and Redis vulnerabilities. The repository contains information on how to exploit these vulnerabilities, including a demonstration of how an attacker can gain unauthorized access to a MongoDB database and a Redis serve...
Ignite Realtime Openfire Cross-Site Scripting Vulnerability
Ignite Realtime Openfire is a real-time collaboration (RTC) server licensed under the open source Apache license. A cross-site scripting vulnerability exists in Ignite Realtime Openfire 4.4.1. An attacker can exploit this vulnerability via the setup/setup-datasource-standard.jsp password parameter ...
Ignite Realtime Openfire Cross-Site Scripting Vulnerability (CNVD-2020-18551)
Ignite Realtime Openfire is a real-time collaboration (RTC) server licensed under the open source Apache license. A cross-site scripting vulnerability exists in Ignite Realtime Openfire 4.4.1. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via the...
Ignite Realtime Openfire Cross-Site Scripting Vulnerability (CNVD-2020-22261)
Ignite Realtime Openfire is a cross-platform, open source real-time collaboration (RTC) server developed in Java by the Ignite Realtime community and based on XMPP (formerly known as Jabber), an instant messaging protocol. It can be used to build a highly efficient instant messaging server, and supports tens of...
CVE-2019-20526
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter...
CVE-2019-20525
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter...
Design/Logic Flaw
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter...
Design/Logic Flaw
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter...
CVE-2019-20526
Affected software: Ignite Realtime Openfire 4.4.1. Vulnerability: Cross-site scripting (XSS) via the password parameter in setup/setup-datasource-standard.jsp. Root cause: Parameter handling vulnerability that allows injected script in the login/config setup flow. Impact: XSS could affect users i...
CVE-2019-20525
CVE-2019-20525 affects Ignite Realtime Openfire 4.4.1, which is vulnerable to cross-site scripting via the setup/setup-datasource-standard.jsp driver parameter. The issue’s root cause is an XSS vector in that parameter handling. A fix exists in Openfire 4.4.2, per multiple advisories (including G...