The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Ignite Openfire

Ignite Openfire: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Ignite Openfire, in order to run JavaScript code in the context of the web site...
CVE-2019-20363, CVE-2019-20364, CVE-2019-20365, CVE-2019-20366, OF-1955, VIGILANCE-VUL-31288
Ignite Openfire: privilege escalation via FaviconServlet.java GET Requests
An attacker can bypass restrictions via FaviconServlet.java GET Requests of Ignite Openfire, in order to escalate his privileges...
CVE-2019-18394, VIGILANCE-VUL-30719
Ignite Openfire: directory traversal via PluginServlet.java
An attacker can traverse directories via PluginServlet.java of Ignite Openfire, in order to read a file outside the service root path...
CVE-2019-18393, VIGILANCE-VUL-30718
Openfire: Cross Site Scripting via Admin Console
An attacker can trigger a Cross Site Scripting via Admin Console of Openfire, in order to run JavaScript code in the context of the web site...
CVE-2019-20525, CVE-2019-20526, CVE-2019-20527, CVE-2019-20528, NS-19-015, VIGILANCE-VUL-30450
Ignite Openfire: Cross Site Scripting via setup test page
An attacker can trigger a Cross Site Scripting via setup test page of Ignite Openfire, in order to run JavaScript code in the context of the web site...
CVE-2019-15488, VIGILANCE-VUL-30030
Openfire: Cross Site Scripting via LDAP Setup Pages
An attacker can trigger a Cross Site Scripting via LDAP Setup Pages of Openfire, in order to run JavaScript code in the context of the web site...
VIGILANCE-VUL-28281
Openfire: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Openfire, in order to run JavaScript code in the context of the web site...
CVE-2018-11688, VIGILANCE-VUL-26320
Openfire: Cross Site Scripting via Property Name
An attacker can trigger a Cross Site Scripting via Property Name of Openfire, in order to run JavaScript code in the context of the web site...
VIGILANCE-VUL-25653
Openfire: Cross Site Scripting via setup-host-settings.jsp
An attacker can trigger a Cross Site Scripting via setup-host-settings.jsp of Openfire, in order to run JavaScript code in the context of the web site...
CVE-2017-15911, OF-1250, OF-1400, OF-1417, VIGILANCE-VUL-24489
Openfire: SQL injection via the DBAccess plugin
An attacker can use a SQL injection via DBAccess of Openfire, in order to read or alter data...
VIGILANCE-VUL-22651
Our database contains other pages. You can request a free trial to read them.

Display information about Ignite Openfire: