Lucene search
K
Ignite RealtimeOpenfire

6 matches found

CVE
CVE
added 2009/02/10 1:0 a.m.62 views

CVE-2009-0496

Openfire (Ignite Realtime) versions prior to 3.6.3 are affected by multiple input-validation vulnerabilities (CVE-2009-0496 among others) in several .jsp pages, which could allow remote attackers to inject XSS and potentially upload a malicious plugin to achieve arbitrary code execution. The Gent...

4.3CVSS5.7AI score0.04347EPSS
CVE
CVE
added 2008/04/11 7:0 p.m.58 views

CVE-2008-1728

CVE-2008-1728 : The Ignite Realtime Openfire 3.4.5 open-source Jabber server is affected via ConnectionManagerImpl.java, where remote authenticated users can trigger large outgoing queues without reading messages, causing a denial of service (daemon outage). The NVD entry lists a base CVSS v2 sco...

4CVSS5.9AI score0.01657EPSS
CVE
CVE
added 2008/08/14 10:0 p.m.46 views

CVE-2006-7233

Openfire (formerly Wildfire) 2.6.0 admin console login.jsp suffers a Cross-site Scripting (XSS) vulnerability. The issue allows remote attackers to inject arbitrary web script or HTML via the url parameter, potentially affecting versions prior to 3.5.3. The description does not specify a concrete...

4.3CVSS6.1AI score0.01223EPSS
CVE
CVE
added 2007/06/01 1:0 a.m.45 views

CVE-2007-2975

CVE-2007-2975 affects Ignite Realtime Openfire 3.3.0 and earlier (Wildfire). The root cause is an improper filter mapping specification in web.xml for the admin console, allowing remote attackers to gain privileges and execute arbitrary code via functionality exposed through DWR (demonstrated usi...

7.5CVSS7.8AI score0.02541EPSS
CVE
CVE
added 2008/08/14 10:0 p.m.40 views

CVE-2005-4876

The CVE describes an XSS in Openfire’s admin console login.jsp. Affected: Openfire (Wildfire) 2.2.2, and possibly earlier than 2.3.0 Beta 2. The vulnerability arises from improper handling of the username parameter, allowing remote attackers to inject arbitrary script/HTML. This is a component-le...

4.3CVSS6AI score0.00852EPSS
CVE
CVE
added 2008/08/14 10:0 p.m.36 views

CVE-2005-4877

Openfire 2.3.0 Beta 2 (formerly Wildfire) is affected by CVE-2005-4877, a cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console. The issue arises from the username parameter, where remote attackers can inject arbitrary web script or HTML via Javascript events...

4.3CVSS5.9AI score0.00852EPSS