3.9.3

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-18	CVE-2021-45967	Path Traversal vulnerability in multiple products An issue was discovered in Pascom Cloud Phone System before 7.20.x. network low complexity pascom igniterealtime CWE-22 critical	9.8
2019-10-24	CVE-2019-18394	Server-Side Request Forgery (SSRF) vulnerability in Igniterealtime Openfire A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests. network low complexity igniterealtime CWE-918 critical	9.8
2019-10-24	CVE-2019-18393	Path Traversal vulnerability in Igniterealtime Openfire PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability. network low complexity igniterealtime CWE-22	5.3
2019-08-23	CVE-2019-15488	Cross-site Scripting vulnerability in Igniterealtime Openfire Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test. network low complexity igniterealtime CWE-79	6.1
2017-10-26	CVE-2017-15911	Cross-site Scripting vulnerability in Igniterealtime Openfire The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. network low complexity igniterealtime CWE-79	4.8
2017-08-18	CVE-2014-3451	Improper Certificate Validation vulnerability in Igniterealtime Openfire OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks. network low complexity igniterealtime CWE-295	7.5