Ignite Realtime Openfire privilege escalation vulnerability
An issue in Ignite Realtime Openfire v.4.8.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component.
Advisories for Maven/Org.igniterealtime.openfire/Xmppserver package
2024
Ignite Realtime Openfire privilege escalation vulnerability
An issue in Ignite Realtime Openfire v.4.8.0 and before allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component.
2023
Improper Neutralization
Improper Neutralization in org.igniterealtime.openfire:xmppserver.
2022
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter.
2019
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.