RSS   Podatności dla 'Openfire'   RSS

2020-03-19
 
CVE-2019-20526

CWE-79
 

 
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter.

 
 
CVE-2019-20525

CWE-79
 

 
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter.

 
 
CVE-2019-20527

CWE-79
 

 
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter.

 
2020-03-18
 
CVE-2019-20528

CWE-79
 

 
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter.

 
2020-01-08
 
CVE-2019-20366

CWE-79
 

 
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents.

 
 
CVE-2019-20365

CWE-79
 

 
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page.

 
 
CVE-2019-20364

CWE-79
 

 
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cacheName to SystemCacheDetails.jsp.

 
 
CVE-2019-20363

CWE-79
 

 
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alias to Manage Store Contents.

 
2019-08-23
 
CVE-2019-15488

CWE-79
 

 
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.

 
2018-06-13
 
CVE-2018-11688

CWE-79
 

 
Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

 


Copyright 2020, cxsecurity.com

 

Back to Top