Openfire@3.10.2 Security Vulnerabilities and Issues — Openfire@3.10.2 CVE List

Lucene search

IgniterealtimeOpenfire3.10.2

3 matches found

CVE•added 2015/09/16 7:59 p.m.•42 views

CVE-2015-6972

Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName parameter to plugins/clientcontrol/create-bookmark.j...

4.3CVSS4.6AI score0.03408EPSS

CVE•added 2015/09/16 7:59 p.m.•38 views

CVE-2015-6973

Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafted request to user-create....

6.8CVSS7.2AI score0.16084EPSS

CVE•added 2015/10/05 3:59 p.m.•37 views

CVE-2015-7707

Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp.

6.5CVSS6.5AI score0.03857EPSS