Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
igniterealtime vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-24604
A Reflected XSS vulnerability exists in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote malicious users to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "sea...
Igniterealtime Openfire 4.5.1
4.3
CVSSv2
CVE-2018-11688
Ignite Realtime Openfire prior to 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context o...
Igniterealtime Openfire 3.7.1
4.3
CVSSv2
CVE-2020-24602
Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an malicious user to execute arbitrary malicious URL via the vulnerable GET parameter searchName", "searchValue", "searchDescription", "searchDefaultValue&...
Igniterealtime Openfire 4.5.1
4.3
CVSSv2
CVE-2020-35200
Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS.
Igniterealtime Openfire 4.6.0
3.5
CVSSv2
CVE-2020-35202
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.
Igniterealtime Openfire 4.6.0
6.5
CVSSv2
CVE-2015-7707
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp.
Igniterealtime Openfire 3.10.2
1 EDB exploit
5
CVSSv2
CVE-2009-0497
Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote malicious users to read arbitrary files via a ..\ (dot dot backslash) in the log parameter.
Igniterealtime Openfire 3.6.2
1 EDB exploit
4.3
CVSSv2
CVE-2020-24601
In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an malicious user to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page
Igniterealtime Openfire 4.5.1
5.5
CVSSv2
CVE-2017-2815
An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerab...
Igniterealtime User Import Export 2.6.0
6.8
CVSSv2
CVE-2014-5075
The Ignite Realtime Smack XMPP API 4.x prior to 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the...
Redhat Jboss Fuse
Igniterealtime Smack Api
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4