CVE-2017-15911
The CVE-2017-15911 entry concerns Ignite Realtime Openfire Server prior to 4.1.7, where the Admin Console is vulnerable to cross-site scripting (XSS) via a crafted setup/setup-host-settings.jsp?domain= link. This allows arbitrary client-side JavaScript execution on victims after login, with poten...