Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openfire vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-11688
Ignite Realtime Openfire prior to 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context o...
Igniterealtime Openfire 3.7.1
4.3
CVSSv2
CVE-2015-6972
Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName parameter to plugins/client...
Igniterealtime Openfire 3.10.2
1 EDB exploit
6.8
CVSSv2
CVE-2015-6973
Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote malicious users to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafte...
Igniterealtime Openfire 3.10.2
1 EDB exploit
4.3
CVSSv2
CVE-2020-24604
A Reflected XSS vulnerability exists in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote malicious users to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "sea...
Igniterealtime Openfire 4.5.1
3.5
CVSSv2
CVE-2020-35127
Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS.
Igniterealtime Openfire 4.6.0
4.3
CVSSv2
CVE-2020-35200
Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS.
Igniterealtime Openfire 4.6.0
6.5
CVSSv2
CVE-2015-7707
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp.
Igniterealtime Openfire 3.10.2
1 EDB exploit
4
CVSSv2
CVE-2008-1728
ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote authenticated users to cause a denial of service (daemon outage) by triggering large outgoing queues without reading messages.
Ignite Realtime Openfire 3.4.5
4.3
CVSSv2
CVE-2009-0496
Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.6.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) log parameter to (a) logviewer.jsp and (b) log.jsp; (2) search parameter to (c) group-summary.jsp; (3) username pa...
Ignite Realtime Openfire 3.6.2
3 EDB exploits
4.3
CVSSv2
CVE-2005-4876
Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other versions prior to 2.3.0 Beta 2, allows remote malicious users to inject arbitrary web script or HTML via the username parameter, a...
Ignite Realtime Openfire 2.2.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »