CVE-2018-11688: Cross-site Scripting

June 13, 2018 (updated June 20, 2019)

Ignite Realtime Openfire is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim’s Web browser within the security context of the hosting Website, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

References

www.securityfocus.com/archive/1/542060/100/0/threaded
nvd.nist.gov/vuln/detail/CVE-2018-11688

Detect and mitigate CVE-2018-11688 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →