6 matches found
CVE-2009-0496
Openfire (Ignite Realtime) versions prior to 3.6.3 are affected by multiple input-validation vulnerabilities (CVE-2009-0496 among others) in several .jsp pages, which could allow remote attackers to inject XSS and potentially upload a malicious plugin to achieve arbitrary code execution. The Gent...
CVE-2008-1728
CVE-2008-1728 : The Ignite Realtime Openfire 3.4.5 open-source Jabber server is affected via ConnectionManagerImpl.java, where remote authenticated users can trigger large outgoing queues without reading messages, causing a denial of service (daemon outage). The NVD entry lists a base CVSS v2 sco...
CVE-2006-7233
Openfire (formerly Wildfire) 2.6.0 admin console login.jsp suffers a Cross-site Scripting (XSS) vulnerability. The issue allows remote attackers to inject arbitrary web script or HTML via the url parameter, potentially affecting versions prior to 3.5.3. The description does not specify a concrete...
CVE-2007-2975
CVE-2007-2975 affects Ignite Realtime Openfire 3.3.0 and earlier (Wildfire). The root cause is an improper filter mapping specification in web.xml for the admin console, allowing remote attackers to gain privileges and execute arbitrary code via functionality exposed through DWR (demonstrated usi...
CVE-2005-4876
The CVE describes an XSS in Openfire’s admin console login.jsp. Affected: Openfire (Wildfire) 2.2.2, and possibly earlier than 2.3.0 Beta 2. The vulnerability arises from improper handling of the username parameter, allowing remote attackers to inject arbitrary script/HTML. This is a component-le...
CVE-2005-4877
Openfire 2.3.0 Beta 2 (formerly Wildfire) is affected by CVE-2005-4877, a cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console. The issue arises from the username parameter, where remote attackers can inject arbitrary web script or HTML via Javascript events...