CVE-2019-20528

Identifiers

GHSA-wx2w-8pqw-vp4g, CVE-2019-20528

Package Slug

maven/org.igniterealtime.openfire/xmppserver

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter.

Affected Versions

All versions before 4.4.2

Solution

Upgrade to version 4.4.2 or above.

Last Modified

2022-11-23