Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
igniterealtime vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2019-20525
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter.
Igniterealtime Openfire 4.4.1
383
VMScore
CVE-2020-24601
In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an malicious user to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page
Igniterealtime Openfire 4.5.1
383
VMScore
CVE-2020-24604
A Reflected XSS vulnerability exists in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote malicious users to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "sea...
Igniterealtime Openfire 4.5.1
383
VMScore
CVE-2019-20363
An XSS issue exists in Ignite Realtime Openfire 4.4.4 via alias to Manage Store Contents.
Igniterealtime Openfire 4.4.4
383
VMScore
CVE-2019-20365
An XSS issue exists in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page.
Igniterealtime Openfire 4.4.4
383
VMScore
CVE-2019-20366
An XSS issue exists in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents.
Igniterealtime Openfire 4.4.4
383
VMScore
CVE-2018-11688
Ignite Realtime Openfire prior to 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context o...
Igniterealtime Openfire 3.7.1
505
VMScore
CVE-2009-0497
Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote malicious users to read arbitrary files via a ..\ (dot dot backslash) in the log parameter.
Igniterealtime Openfire 3.6.2
1 EDB exploit
490
VMScore
CVE-2017-2815
An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerab...
Igniterealtime User Import Export 2.6.0
605
VMScore
CVE-2014-5075
The Ignite Realtime Smack XMPP API 4.x prior to 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the...
Redhat Jboss Fuse
Igniterealtime Smack Api
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4