559 matches found
CVE-2019-20527
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter...
CVE-2019-20527
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter...
Design/Logic Flaw
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter...
CVE-2019-20527
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter...
CVE-2019-20527
Summary: Openfire 4.4.1 is affected by a cross-site scripting vulnerability driven by the serverURL parameter in setup/datasource-standard.jsp. The issue allows an attacker to inject and execute client-side scripts in the context of an Openfire Web UI session. The root cause is insufficient valid...
Ignite Realtime Openfire Cross-Site Scripting Vulnerability (CNVD-2020-25831)
Ignite Realtime Openfire is the Ignite Realtime community of a Java development and based on XMPP formerly known as Jabber, Instant Messaging Protocol cross-platform open source real-time collaboration RTC server , it can build a highly efficient instant messaging server , and supports tens of...
Openfire < 4.4.2 Multiple Vulnerabilities
Openfire is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:igniterealtime:openfire";...
CVE-2019-20528
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter...
CVE-2019-20528
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter...
Design/Logic Flaw
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter...
CVE-2019-20528
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter...
CVE-2019-20528
The CVE-2019-20528 entry concerns Ignite Realtime Openfire 4.4.1, where a cross-site scripting (XSS) vulnerability can be triggered through the username parameter in the setup/setup-datasource-standard.jsp page. This is caused by improper input handling in the web application, enabling an attacke...
Ignite Realtime Openfire Cross-Site Scripting Vulnerability (CNVD-2020-01242)
Ignite Realtime Openfire is the Ignite Realtime community of a Java development and based on XMPP formerly known as Jabber, Instant Messaging Protocol cross-platform open source real-time collaboration RTC server , it can build a highly efficient instant messaging server , and supports tens of...
Ignite Realtime Openfire Cross-Site Scripting Vulnerability (CNVD-2020-01243)
Ignite Realtime Openfire is the Ignite Realtime community of a Java development and based on XMPP formerly known as Jabber, Instant Messaging Protocol cross-platform open source real-time collaboration RTC server , it can build a highly efficient instant messaging server , and supports tens of...
Ignite Realtime Openfire Cross-Site Scripting Vulnerability (CNVD-2020-01244)
Ignite Realtime Openfire is the Ignite Realtime community of a Java development and based on XMPP formerly known as Jabber, Instant Messaging Protocol cross-platform open source real-time collaboration RTC server , it can build a highly efficient instant messaging server , and supports tens of...
Ignite Realtime Openfire Cross-Site Scripting Vulnerability (CNVD-2020-01245)
Ignite Realtime Openfire is the Ignite Realtime community of a Java development and based on XMPP formerly known as Jabber, Instant Messaging Protocol cross-platform open source real-time collaboration RTC server , it can build a highly efficient instant messaging server , and supports tens of...
Openfire 4.3.x < 4.5.0 Multiple XSS Vulnerabilities
Openfire is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2019-20365
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page...
CVE-2019-20363
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alias to Manage Store Contents...
CVE-2019-20364
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cacheName to SystemCacheDetails.jsp...