Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
igniterealtime openfire vulnerabilities and exploits
(subscribe to this query)
446
VMScore
CVE-2019-18393
PluginServlet.java in Ignite Realtime Openfire up to and including 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
Igniterealtime Openfire
445
VMScore
CVE-2014-3451
OpenFire XMPP Server prior to 3.10 accepts self-signed certificates, which allows remote malicious users to perform unspecified spoofing attacks.
Igniterealtime Openfire
435
VMScore
CVE-2015-6972
Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName parameter to plugins/client...
Igniterealtime Openfire 3.10.2
1 EDB exploit
435
VMScore
CVE-2008-6510
Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and previous versions allows remote malicious users to inject arbitrary web script or HTML via the url parameter.
Igniterealtime Openfire 2.6.1
Igniterealtime Openfire 3.2.0
Igniterealtime Openfire 3.2.1
Igniterealtime Openfire 3.4.1
Igniterealtime Openfire 3.0.0
Igniterealtime Openfire 3.0.1
Igniterealtime Openfire 3.3.0
Igniterealtime Openfire 3.3.2
Igniterealtime Openfire 3.5.0
Igniterealtime Openfire 3.5.1
Igniterealtime Openfire 3.4.3
Igniterealtime Openfire
Igniterealtime Openfire 2.6.0
Igniterealtime Openfire 2.6.2
Igniterealtime Openfire 3.2.2
Igniterealtime Openfire 3.2.3
Igniterealtime Openfire 3.2.4
Igniterealtime Openfire 3.4.4
Igniterealtime Openfire 3.4.5
Igniterealtime Openfire 3.1.0
Igniterealtime Openfire 3.1.1
Igniterealtime Openfire 3.3.3
1 EDB exploit
405
VMScore
CVE-2009-1595
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire prior to 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.
Igniterealtime Openfire 3.0.1
Igniterealtime Openfire 3.1.0
Igniterealtime Openfire 3.3.0
Igniterealtime Openfire 3.3.2
Igniterealtime Openfire 3.5.1
Igniterealtime Openfire 3.5.2
Igniterealtime Openfire 2.6.2
Igniterealtime Openfire 3.0.0
Igniterealtime Openfire 3.2.3
Igniterealtime Openfire 3.2.4
Igniterealtime Openfire 3.4.4
Igniterealtime Openfire 3.4.5
Igniterealtime Openfire 3.5.0
Igniterealtime Openfire 3.4.2
Igniterealtime Openfire
Igniterealtime Openfire 2.6.0
Igniterealtime Openfire 2.6.1
Igniterealtime Openfire 3.2.1
Igniterealtime Openfire 3.2.2
Igniterealtime Openfire 3.4.1
Igniterealtime Openfire 3.4.3
Igniterealtime Openfire 3.6.2
1 EDB exploit
383
VMScore
CVE-2020-35200
Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS.
Igniterealtime Openfire 4.6.0
383
VMScore
CVE-2020-24601
In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an malicious user to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page
Igniterealtime Openfire 4.5.1
383
VMScore
CVE-2020-24604
A Reflected XSS vulnerability exists in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote malicious users to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "sea...
Igniterealtime Openfire 4.5.1
383
VMScore
CVE-2020-24602
Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an malicious user to execute arbitrary malicious URL via the vulnerable GET parameter searchName", "searchValue", "searchDescription", "searchDefaultValue&...
Igniterealtime Openfire 4.5.1
383
VMScore
CVE-2019-20526
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter.
Igniterealtime Openfire 4.4.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »