Published: 16/09/2015 Updated: 01/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName parameter to plugins/clientcontrol/create-bookmark.jsp; the (3) hostname parameter to server-session-details.jsp; or the (4) search parameter to group-summary.jsp.

Vulnerable Product	Search on Vulmon	Subscribe to Product
igniterealtime openfire 3.10.2

Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3102 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmarkjsp; the (2) urlName parameter to plugins/clientcontrol/create-bookmarkjsp; the (3) hostname parameter to server-session-de ...

[+] Credits: hyp3rlinx [+] Website: hyp3rlinxaltervistaorg [+] Source: hyp3rlinxaltervistaorg/advisories/AS-OPENFIRE-XSStxt Vendor: ================================ wwwigniterealtimeorg/projects/openfire wwwigniterealtimeorg/downloads/indexjsp Product: ================================ Openfire 3102 Openfire is a real ti ...

CWE-79 http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt https://www.exploit-db.com/exploits/38191/http://packetstormsecurity.com/files/133558/Openfire-3.10.2-Cross-Site-Scripting.html https://security.gentoo.org/glsa/201612-50 https://nvd.nist.gov https://www.exploit-db.com/exploits/38191/https://security.archlinux.org/CVE-2015-6972

CVE-2015-6972

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect