Product:

Openfire

(Igniterealtime)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 37
Date Id Summary Products Score Patch Annotated
2020-12-12 CVE-2020-35199 Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS. Openfire 5.4
2020-12-12 CVE-2020-35200 Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS. Openfire 6.1
2020-12-12 CVE-2020-35201 Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS. Openfire 5.4
2020-12-12 CVE-2020-35202 Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS. Openfire 5.4
2022-03-18 CVE-2021-45967 An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints. Openfire, Cloud_phone_system 9.8
2009-05-11 CVE-2009-1596 Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet. Openfire 6.5
2020-01-08 CVE-2019-20366 An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents. Openfire 6.1
2020-01-08 CVE-2019-20365 An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page. Openfire 6.1
2020-01-08 CVE-2019-20364 An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cacheName to SystemCacheDetails.jsp. Openfire 6.1
2020-01-08 CVE-2019-20363 An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alias to Manage Store Contents. Openfire 6.1