EPSS
Percentile
97.8%
xmppserver is vulnerable to server-side request forgery (SSRF). The getImage function in FaviconServlet.java allows attackers to send arbitrary HTTP GET requests on behalf of the server.
getImage
FaviconServlet.java
github.com/igniterealtime/Openfire/pull/1497