CVE-2019-20366: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
(updated )
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents.
References
- cybersecurityworks.com/zerodays/cve-2019-20366-openfire.html
- github.com/advisories/GHSA-m6pr-xcrm-4qqp
- github.com/igniterealtime/Openfire/pull/1561
- github.com/igniterealtime/Openfire/pull/1561/files/b6f758241f3fdd57b48c527a695512f33e26eb74
- issues.igniterealtime.org/browse/OF-1955
- nvd.nist.gov/vuln/detail/CVE-2019-20366
Detect and mitigate CVE-2019-20366 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →