Product:

Openfire

(Igniterealtime)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 37
Date Id Summary Products Score Patch Annotated
2020-12-12 CVE-2020-35202 Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS. Openfire 5.4
2022-03-18 CVE-2021-45967 An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints. Openfire, Cloud_phone_system 9.8
2009-05-11 CVE-2009-1596 Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet. Openfire 6.5
2020-01-08 CVE-2019-20366 An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents. Openfire 6.1
2020-01-08 CVE-2019-20365 An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page. Openfire 6.1
2020-01-08 CVE-2019-20364 An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cacheName to SystemCacheDetails.jsp. Openfire 6.1
2020-01-08 CVE-2019-20363 An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alias to Manage Store Contents. Openfire 6.1
2019-10-24 CVE-2019-18394 A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests. Openfire N/A
2019-10-24 CVE-2019-18393 PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability. Openfire N/A
2020-03-18 CVE-2019-20528 Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter. Openfire N/A