CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

260 matches found

Ignite Realtime Openfire <=4.4.2 - Server-Side Request Forgery

Ignite Realtime Openfire through version 4.4.2 allows attackers to send arbitrary HTTP GET requests in FaviconServlet.java, resulting in server-side request forgery. id: CVE-2019-18394 info: name: Ignite Realtime Openfire =4.4.3 to fix this vulnerability. reference: -...

9.8CVSS8.5AI score0.32304EPSS

Exploits1References5

RedhatCVE•added 2026/01/09 10:19 a.m.•4 views

CVE-2019-18394

A Server Side Request Forgery SSRF vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests...

9.8CVSS7AI score0.32304EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:8 a.m.•6 views

CVE-2019-20364

An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cacheName to SystemCacheDetails.jsp...

6.1CVSS6AI score0.01172EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:8 a.m.•5 views

CVE-2019-20526

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter...

6.1CVSS6AI score0.00906EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:8 a.m.•8 views

CVE-2019-20366

An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents...

6.1CVSS5.9AI score0.01265EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:6 a.m.•5 views

CVE-2019-20363

An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alias to Manage Store Contents...

6.1CVSS6AI score0.01411EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:6 a.m.•6 views

CVE-2019-20525

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter...

6.1CVSS5.8AI score0.00906EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:6 a.m.•4 views

CVE-2019-20527

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter...

6.1CVSS5.8AI score0.00906EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:6 a.m.•8 views

CVE-2019-20365

An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page...

6.1CVSS6AI score0.01172EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:49 a.m.•7 views

CVE-2020-24601

In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page...

6.1CVSS6.9AI score0.0062EPSS

Exploits1References1