CVE-2019-20525
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.igniterealtime.openfire/parent
Identifiers
GHSA-h2mq-p9r5-wh94, CVE-2019-20525
Package Slug
maven/org.igniterealtime.openfire/parent
Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter.
Affected Versions
All versions before 4.4.2
Solution
Upgrade to version 4.4.2 or above.
Last Modified
2022-11-23
| source |