GHSA-wx2w-8pqw-vp4g, CVE-2019-20528
maven/org.igniterealtime.openfire/xmppserver
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter.
All versions before 4.4.2
Upgrade to version 4.4.2 or above.
2022-11-23
source |