Vulnerabilities > Igniterealtime > Openfire > 4.6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-26 | CVE-2023-32315 | Path Traversal vulnerability in Igniterealtime Openfire Openfire is an XMPP server licensed under the Open Source Apache License. | 7.5 |
| 2020-12-12 | CVE-2020-35202 | Cross-site Scripting vulnerability in Igniterealtime Openfire 4.6.0 Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS. | 3.5 |
| 2020-12-12 | CVE-2020-35201 | Cross-site Scripting vulnerability in Igniterealtime Openfire 4.6.0 Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS. | 3.5 |
| 2020-12-12 | CVE-2020-35200 | Cross-site Scripting vulnerability in Igniterealtime Openfire 4.6.0 Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS. | 4.3 |
| 2020-12-12 | CVE-2020-35199 | Cross-site Scripting vulnerability in Igniterealtime Openfire 4.6.0 Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS. | 3.5 |
| 2020-12-11 | CVE-2020-35127 | Cross-site Scripting vulnerability in Igniterealtime Openfire 4.6.0 Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS. | 3.5 |