[ASA-201612-21] openfire: multiple issues

Arch Linux Security Advisory ASA-201612-21 ========================================== Severity: High Date : 2016-12-23 CVE-ID : CVE-2015-6972 CVE-2015-6973 CVE-2015-7707 Package : openfire Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-15 Summary ======= The package...

OpenFire <= 3.10.2 Multiple Vulnerabilities

OpenFire Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:igniterealtime:openfire";...

CVE-2015-6972

CVE-2015-6972 relates to multiple XSS vulnerabilities in Ignite Realtime Openfire 3.10.2. The issues arise from insufficient validation/filtering of inputs in several pages: group-summary.jsp (search parameter), plugins/clientcontrol/create-bookmark.jsp (groupchatName and urlName), and server-ses...

Web Clients HTTP URL JavaScript Function Cross-Site Scripting (CVE-2015-1159; CVE-2015-6099; CVE-2015-6972; CVE-2017-0068)

A cross-site scripting vulnerability has been reported in multiple web clients. The vulnerability is due to improper input validation. A remote attacker could exploit this vulnerability to execute arbitrary scripting or HTML code in the user's browser session...