GHSA-22c6-3h88-26m3, CVE-2019-20527
maven/org.igniterealtime.openfire/parent
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter.
All versions before 4.4.2
Upgrade to version 4.4.2 or above.
2022-11-23
source |