559 matches found
CVE-2019-20366
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents...
CVE-2019-20364
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cacheName to SystemCacheDetails.jsp...
CVE-2019-20366
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents...
CVE-2019-20363
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alias to Manage Store Contents...
CVE-2019-20365
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page...
Cross site scripting
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page...
Cross site scripting
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alias to Manage Store Contents...
Cross site scripting
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents...
CVE-2019-20363
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alias to Manage Store Contents...
CVE-2019-20363
Openfire 4.4.4 from Ignite Realtime has a cross-site scripting (XSS) vulnerability exposed via an alias to Manage Store Contents. The connected documents confirm the issue but do not provide detailed root-cause, exploit paths, affected components beyond the web interface, or a published fix. No r...
CVE-2019-20364
Ignite Realtime Openfire 4.4.4 is affected by CVE-2019-20364, an XSS vulnerability exploitable via the cacheName parameter in SystemCacheDetails.jsp. The issue originates from Openfire’s web component validating client-side data, allowing potentially crafted input to execute in a user’s browser. ...
CVE-2019-20364
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cacheName to SystemCacheDetails.jsp...
CVE-2019-20365
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page...
CVE-2019-20365
The connected records confirm a cross-site scripting (XSS) vulnerability in Ignite Realtime Openfire 4.4.4, exploitable via the Users/Group search page. No public details in these documents specify the root cause beyond it being an XSS issue, or provide patch/version remediation. Other sources re...
CVE-2019-20366
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents...
CVE-2019-20366
CVE-2019-20366: Ignite Realtime Openfire 4.4.4 contains an XSS vulnerability exploitable via isTrustStore to Manage Store Contents. The connected Red Hat, OSV, OSV-GHSA, and CVE listings corroborate an XSS issue affecting Openfire’s management UI. The public documents do not specify root-cause de...
Ignite Realtime Openfire Server-Side Request Forgery Vulnerability
Ignite Realtime Openfire is a real-time collaboration (RTC) server licensed under the open source Apache license. A server-side request forgery (SSRF) vulnerability exists in FaviconServlet.java in Ignite Realtime Openfire 4.4.2 and earlier versions. An attacker can exploit this vulnerability to send...
Ignite Realtime Openfire Directory Traversal Vulnerability
Ignite Realtime Openfire is a real-time collaboration (RTC) server licensed under the open source Apache license. A directory traversal vulnerability exists in Ignite Realtime Openfire 4.4.2 and earlier versions. The vulnerability stems from PluginServlet.java in Openfire not ensuring that retrieve...
CVE-2019-18393
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability...
CVE-2019-18394
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests...