Vulnerabilities > Igniterealtime

DATE CVE VULNERABILITY TITLE RISK
2023-05-26 CVE-2023-32315 Path Traversal vulnerability in Igniterealtime Openfire
Openfire is an XMPP server licensed under the Open Source Apache License.
network
low complexity
igniterealtime CWE-22
7.5
2022-03-18 CVE-2021-45967 Path Traversal vulnerability in multiple products
An issue was discovered in Pascom Cloud Phone System before 7.20.x.
network
low complexity
pascom igniterealtime CWE-22
critical
9.8
2020-12-12 CVE-2020-35202 Cross-site Scripting vulnerability in Igniterealtime Openfire 4.6.0
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.
network
low complexity
igniterealtime CWE-79
5.4
2020-12-12 CVE-2020-35201 Cross-site Scripting vulnerability in Igniterealtime Openfire 4.6.0
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS.
network
low complexity
igniterealtime CWE-79
5.4
2020-12-12 CVE-2020-35200 Cross-site Scripting vulnerability in Igniterealtime Openfire 4.6.0
Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS.
network
low complexity
igniterealtime CWE-79
6.1
2020-12-12 CVE-2020-35199 Cross-site Scripting vulnerability in Igniterealtime Openfire 4.6.0
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS.
network
low complexity
igniterealtime CWE-79
5.4
2020-12-11 CVE-2020-35127 Cross-site Scripting vulnerability in Igniterealtime Openfire 4.6.0
Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS.
network
low complexity
igniterealtime CWE-79
5.4
2020-09-02 CVE-2020-24604 Cross-site Scripting vulnerability in Igniterealtime Openfire 4.5.1
A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1.
network
low complexity
igniterealtime CWE-79
6.1
2020-09-02 CVE-2020-24602 Cross-site Scripting vulnerability in Igniterealtime Openfire 4.5.1
Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameter searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescription" and "searchDynamic" in the Server Properties and Security Audit Viewer JSP page
network
low complexity
igniterealtime CWE-79
6.1
2020-09-02 CVE-2020-24601 Cross-site Scripting vulnerability in Igniterealtime Openfire 4.5.1
In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page
network
low complexity
igniterealtime CWE-79
6.1