Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openfire vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2005-4877
Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.3.0 Beta 2 allows remote malicious users to inject arbitrary web script or HTML via Javascript events in the username parameter, a different vulnerability...
Ignite Realtime Openfire 2.3.0
NA
CVE-2024-25421
An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote malicious user to escalate privileges via the ROOM_CACHE component.
5.5
CVSSv2
CVE-2016-1307
The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote malicious users to obtain access via an XMPP session, aka Bug ID CSCuw79085.
Cisco Finesse 10.5\\\\\\(1\\\\\\) Base
Cisco Finesse 11.0\\\\\\(1\\\\\\) Base
Cisco Unified Contact Center Express 10.6\\\\\\(1\\\\\\)
NA
CVE-2024-25420
An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote malicious user to escalate privileges via the admin.authorizedJIDs system property component.
5.5
CVSSv2
CVE-2017-2815
An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerab...
Igniterealtime User Import Export 2.6.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5