Identifier

CVE-2020-24602

Package Slug

maven/org.igniterealtime.openfire/distribution

Vulnerability

Cross-site Scripting

Description

Ignite Realtime Openfire has a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameters searchName, searchValue, searchDescription, searchDefaultValue, searchPlugin, searchDescription and searchDynamic in the Server Properties and Security Audit Viewer JSP page.

Affected Versions

Version 4.5.1

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-09-09

source