CVE-2020-35200: Cross-site Scripting

December 12, 2020 (updated December 14, 2020)

Ignite Realtime Openfire suffers from a reflective Cross-site Scripting vulnerability in plugins/clientcontrol/spark-form.jsp.

References

discourse.igniterealtime.org/t/openfire-4-6-0-has-reflective-xss-vulnerabilities/89296
nvd.nist.gov/vuln/detail/CVE-2020-35200

Detect and mitigate CVE-2020-35200 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →