CVE-2019-20527
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.igniterealtime.openfire/parent
Identifiers
GHSA-22c6-3h88-26m3, CVE-2019-20527
Package Slug
maven/org.igniterealtime.openfire/parent
Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter.
Affected Versions
All versions before 4.4.2
Solution
Upgrade to version 4.4.2 or above.
Last Modified
2022-11-23
| source |