107 matches found
Ignite Realtime Openfire <=4.4.2 - Server-Side Request Forgery
Ignite Realtime Openfire through version 4.4.2 allows attackers to send arbitrary HTTP GET requests in FaviconServlet.java, resulting in server-side request forgery. id: CVE-2019-18394 info: name: Ignite Realtime Openfire =4.4.3 to fix this vulnerability. reference: -...
CVE-2019-18394
A Server Side Request Forgery SSRF vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests...
CVE-2019-20526
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter...
CVE-2019-20366
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents...
CVE-2019-20525
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter...
CVE-2019-20365
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page...
CVE-2019-20527
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter...
EUVD-2019-10916
Malware in sbrugna...
EUVD-2019-10917
Malware in sbrugna...
EUVD-2020-17321
Malware in sbrugna...
EUVD-2022-1879
Malicious code in bioql PyPI...
EUVD-2022-4508
Malicious code in bioql PyPI...
CVE-2020-35199
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS...
CVE-2020-35127
Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS...
CVE-2024-25420
An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component...
CVE-2024-25421
An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOMCACHE component...
CVE-2024-25421
An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOMCACHE component...
CVE-2024-25420
An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component...
BIT-OPENFIRE-2020-24604
A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescriptio...
BIT-OPENFIRE-2020-35127
Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS...