Vulnerabilities > Igniterealtime > Openfire > 4.5.1

DATE CVE VULNERABILITY TITLE RISK
2023-05-26 CVE-2023-32315 Path Traversal vulnerability in Igniterealtime Openfire
Openfire is an XMPP server licensed under the Open Source Apache License.
network
low complexity
igniterealtime CWE-22
7.5
2020-09-02 CVE-2020-24604 Cross-site Scripting vulnerability in Igniterealtime Openfire 4.5.1
A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1.
network
low complexity
igniterealtime CWE-79
6.1
2020-09-02 CVE-2020-24602 Cross-site Scripting vulnerability in Igniterealtime Openfire 4.5.1
Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameter searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescription" and "searchDynamic" in the Server Properties and Security Audit Viewer JSP page
network
low complexity
igniterealtime CWE-79
6.1
2020-09-02 CVE-2020-24601 Cross-site Scripting vulnerability in Igniterealtime Openfire 4.5.1
In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page
network
low complexity
igniterealtime CWE-79
6.1