Openfire Security Vulnerabilities and Issues — Openfire CVE List

Lucene search

IgniterealtimeOpenfire

7 matches found

CVE•added 2019/10/24 11:15 a.m.•83 views

CVE-2019-18393

PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.

5.3CVSS5.5AI score0.83848EPSS

CVE•added 2020/12/11 5:15 a.m.•59 views

CVE-2020-35127

Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS.

5.4CVSS5.6AI score0.00319EPSS

CVE•added 2020/12/12 6:15 p.m.•46 views

CVE-2020-35201

Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS.

5.4CVSS5.6AI score0.00169EPSS

CVE•added 2009/03/23 8:0 p.m.•44 views

CVE-2008-6511

Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.

5.8CVSS6.5AI score0.01459EPSS

CVE•added 2020/12/12 6:15 p.m.•41 views

CVE-2020-35202

Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.

5.4CVSS5.6AI score0.00169EPSS

CVE•added 2009/02/10 1:30 a.m.•40 views

CVE-2009-0497

Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the log parameter.

5CVSS6.4AI score0.05924EPSS

CVE•added 2020/12/12 6:15 p.m.•40 views

CVE-2020-35199

Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS.

5.4CVSS5.6AI score0.00169EPSS