Ignite Realtime Openfire user-create.jsp Cross-Site Request Forgery (CVE-2015-6973)
A cross-site request forgery vulnerability has been reported in Openfire's user-create.jsp script. The vulnerability is due to insufficient CSRF protections. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user with administrator privileges to visit a page which...