A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescription" and "searchDynamic" in server-properties.jsp and security-audit-viewer.jsp
References
Link | Resource |
---|---|
https://cybersecurityworks.com/zerodays/cve-2020-24604-ignite-realtime-openfire.html | Exploit Third Party Advisory |
https://issues.igniterealtime.org/browse/OF-1963 | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2020-09-02 15:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-24604
Mitre link : CVE-2020-24604
CVE.ORG link : CVE-2020-24604
JSON object : View
Products Affected
igniterealtime
- openfire
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')