Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openfire vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-0496
Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.6.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) log parameter to (a) logviewer.jsp and (b) log.jsp; (2) search parameter to (c) group-summary.jsp; (3) username pa...
Ignite Realtime Openfire 3.6.2
3 EDB exploits
NA
CVE-2024-25421
An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote malicious user to escalate privileges via the ROOM_CACHE component.
5.4
CVSSv3
CVE-2016-1307
The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote malicious users to obtain access via an XMPP session, aka Bug ID CSCuw79085.
Cisco Finesse 10.5\\\\\\(1\\\\\\) Base
Cisco Finesse 11.0\\\\\\(1\\\\\\) Base
Cisco Unified Contact Center Express 10.6\\\\\\(1\\\\\\)
NA
CVE-2024-25420
An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote malicious user to escalate privileges via the admin.authorizedJIDs system property component.
8.1
CVSSv3
CVE-2017-2815
An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerab...
Igniterealtime User Import Export 2.6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5