Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openfire vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2020-35199
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS.
Igniterealtime Openfire 4.6.0
4.3
CVSSv2
CVE-2020-35200
Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS.
Igniterealtime Openfire 4.6.0
3.5
CVSSv2
CVE-2020-35202
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.
Igniterealtime Openfire 4.6.0
4.3
CVSSv2
CVE-2020-24602
Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an malicious user to execute arbitrary malicious URL via the vulnerable GET parameter searchName", "searchValue", "searchDescription", "searchDefaultValue&...
Igniterealtime Openfire 4.5.1
6.5
CVSSv2
CVE-2015-7707
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp.
Igniterealtime Openfire 3.10.2
1 EDB exploit
4.3
CVSSv2
CVE-2019-20364
An XSS issue exists in Ignite Realtime Openfire 4.4.4 via cacheName to SystemCacheDetails.jsp.
Igniterealtime Openfire 4.4.4
4.3
CVSSv2
CVE-2019-20526
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter.
Igniterealtime Openfire 4.4.1
4.3
CVSSv2
CVE-2019-20527
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter.
Igniterealtime Openfire 4.4.1
4.3
CVSSv2
CVE-2019-20528
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter.
Igniterealtime Openfire 4.4.1
4.3
CVSSv2
CVE-2019-20525
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter.
Igniterealtime Openfire 4.4.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »