CVE-2020-24602: Cross-site Scripting

September 2, 2020 (updated November 10, 2020)

Ignite Realtime Openfire has a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameters searchName, searchValue, searchDescription, searchDefaultValue, searchPlugin, searchDescription and searchDynamic in the Server Properties and Security Audit Viewer JSP page.

References

issues.igniterealtime.org/browse/OF-1963
nvd.nist.gov/vuln/detail/CVE-2020-24602

Detect and mitigate CVE-2020-24602 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →