559 matches found

CVE
added 2019/08/23 12:37 p.m. | 68 views

CVE-2019-15488

CVE-2019-15488 affects Ignite Realtime Openfire before 4.4.1, where the LDAP setup test endpoint processes input in a way that allows a reflected XSS payload. The issue is described as a reflected XSS via the LDAP setup test in multiple sources (Openfire, Red Hat advisory, OSV, etc.). No explicit...

6.1 CVSS | 5.9 AI score | 0.00905 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

OpenVAS
added 2018/06/15 12:0 a.m. | 31 views

Openfire < 3.9.2 Reflected XSS Vulnerability - Active Check

Openfire is prone to a reflected cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.1 CVSS | 6 AI score | 0.0242 EPSS
Exploits: 2 | References: 2

CNVD
added 2018/06/14 12:0 a.m. | 5 views

Ignite Realtime Openfire Cross-Site Scripting Vulnerability (CNVD-2018-14347)

Ignite Realtime Openfire (formerly known as Wildfire) is a cross-platform, open-source real-time collaboration (RTC) server developed in Java by the Ignite Realtime community and based on XMPP (formerly known as Jabber), an instant messaging protocol. It can be used to build high-efficiency instant messaging servers...

6.1 CVSS | 6.1 AI score | 0.0242 EPSS
Exploits: 2 | References: 1

NVD
added 2018/06/13 4:29 p.m. | 43 views

CVE-2018-11688

Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,...

6.1 CVSS | 6.2 AI score | 0.0242 EPSS
Exploits: 2 | References: 7

OSV
added 2018/06/13 4:29 p.m. | 21 views

CVE-2018-11688

Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,...

6.1 CVSS | 6.5 AI score | 0.0242 EPSS
Exploits: 2 | References: 7

Prion
added 2018/06/13 4:29 p.m. | 16 views

Cross site scripting

Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,...

4.3 CVSS | 6.2 AI score | 0.0242 EPSS
Exploits: 2 | References: 7 | Affected Software: 1

Cvelist
added 2018/06/13 4:0 p.m. | 35 views

CVE-2018-11688

Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,...

6.2 AI score | 0.0242 EPSS
Exploits: 2 | References: 7

CVE
added 2018/06/13 4:0 p.m. | 81 views

CVE-2018-11688

CVE-2018-11688 affects Ignite Realtime Openfire prior to 3.9.2. The vulnerability is a cross-site scripting (XSS) flaw caused by improper validation of user-supplied input, enabling a remote attacker to craft a URL that, when clicked, executes script in the victim’s browser within the site’s secu...

6.1 CVSS | 6.2 AI score | 0.0242 EPSS
Exploits: 2 | References: 7 | Affected Software: 1

Packet Storm
added 2018/06/05 12:0 a.m. | 40 views

Ignite Realtime Openfire 3.7.1 Cross Site Scripting

I. VULNERABILITY: Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting. II. CVE REFERENCE: CVE-2018-11688. III. VENDOR HOMEPAGE: https://www.igniterealtime.org/projects/openfire/ IV. DESCRIPTION...

6.3 AI score | 0.0242 EPSS
Exploits: 2

CNVD
added 2018/05/17 12:0 a.m. | 3 views

OpenFire User Import Export Plugin XML External Entity Injection Vulnerability

OpenFire is an open-source real-time collaboration (RTC) server. User Import Export Plugin is a plugin that provides the ability to import and export Openfire user data through the management console. An XML external entity injection vulnerability exists in the OpenFire User Import Export Plugin version...

8.1 CVSS | 8.2 AI score | 0.00933 EPSS
Exploits: 1 | References: 1

Prion
added 2018/05/15 5:29 p.m. | 11 views

Design/Logic Flaw

An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability...

5.5 CVSS | 7.8 AI score | 0.00933 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2018/05/15 5:29 p.m. | 21 views

CVE-2017-2815

An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability...

8.1 CVSS | 8 AI score | 0.00933 EPSS
Exploits: 1 | References: 1

OSV
added 2018/05/15 5:29 p.m. | 2 views

CVE-2017-2815

An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability...

8.1 CVSS | 5.9 AI score | 0.00933 EPSS
Exploits: 1 | References: 1

Cvelist
added 2018/05/15 5:0 p.m. | 26 views

CVE-2017-2815

An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability...

8.1 CVSS | 8 AI score | 0.00933 EPSS
Exploits: 1 | References: 1

CVE
added 2018/05/15 5:0 p.m. | 61 views

CVE-2017-2815

OpenFire User Import Export Plugin 2.6.0 is vulnerable to XML External Entity (XXE) injection (CVE-2017-2815). An authenticated attacker can send a crafted request to trigger XXE, enabling retrieval of arbitrary files or causing a Denial of Service. Affected component: OpenFire User Import Export...

8.1 CVSS | 7.9 AI score | 0.00933 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

CNVD
added 2017/10/27 12:0 a.m. | 3 views

Ignite Realtime Openfire Cross-Site Scripting Vulnerability

Openfire is a cross-platform real-time collaboration server based on the XMPP (Jabber) protocol. A cross-site scripting vulnerability exists in the administration console in Ignite Realtime Openfire server versions prior to 4.1.7. An attacker can execute arbitrary JavaScript code on the victim clie...

4.8 CVSS | 6.6 AI score | 0.00728 EPSS
Exploits: 0 | References: 1

NVD
added 2017/10/26 5:29 p.m. | 21 views

CVE-2017-15911

The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protection...

4.8 CVSS | 5.7 AI score | 0.00728 EPSS
Exploits: 0 | References: 2

Prion
added 2017/10/26 5:29 p.m. | 14 views

Design/Logic Flaw

The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protection...

3.5 CVSS | 5.6 AI score | 0.00728 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2017/10/26 5:29 p.m. | 14 views

CVE-2017-15911

The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protection...

4.8 CVSS | 7.6 AI score | 0.00728 EPSS
Exploits: 0 | References: 2

Cvelist
added 2017/10/26 5:0 p.m. | 23 views

CVE-2017-15911

The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protection...

5.6 AI score | 0.00728 EPSS
Exploits: 0 | References: 2