Vulnerabilities > Igniterealtime > Openfire

DATE CVE VULNERABILITY TITLE RISK
2023-05-26 CVE-2023-32315 Path Traversal vulnerability in Igniterealtime Openfire
Openfire is an XMPP server licensed under the Open Source Apache License.
network
low complexity
igniterealtime CWE-22
7.5
2022-03-18 CVE-2021-45967 Path Traversal vulnerability in multiple products
An issue was discovered in Pascom Cloud Phone System before 7.20.x.
network
low complexity
pascom igniterealtime CWE-22
critical
9.8
2020-12-12 CVE-2020-35202 Cross-site Scripting vulnerability in Igniterealtime Openfire 4.6.0
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.
3.5
2020-12-12 CVE-2020-35201 Cross-site Scripting vulnerability in Igniterealtime Openfire 4.6.0
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS.
3.5
2020-12-12 CVE-2020-35200 Cross-site Scripting vulnerability in Igniterealtime Openfire 4.6.0
Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS.
4.3
2020-12-12 CVE-2020-35199 Cross-site Scripting vulnerability in Igniterealtime Openfire 4.6.0
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS.
3.5
2020-12-11 CVE-2020-35127 Cross-site Scripting vulnerability in Igniterealtime Openfire 4.6.0
Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS.
3.5
2020-09-02 CVE-2020-24604 Cross-site Scripting vulnerability in Igniterealtime Openfire 4.5.1
A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1.
4.3
2020-09-02 CVE-2020-24602 Cross-site Scripting vulnerability in Igniterealtime Openfire 4.5.1
Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameter searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescription" and "searchDynamic" in the Server Properties and Security Audit Viewer JSP page
4.3
2020-09-02 CVE-2020-24601 Cross-site Scripting vulnerability in Igniterealtime Openfire 4.5.1
In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page
4.3