Vulnerabilities > Igniterealtime > Openfire > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-12 | CVE-2020-35199 | Cross-site Scripting vulnerability in Igniterealtime Openfire 4.6.0 Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS. | 3.5 |
| 2020-12-12 | CVE-2020-35201 | Cross-site Scripting vulnerability in Igniterealtime Openfire 4.6.0 Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS. | 3.5 |
| 2020-12-12 | CVE-2020-35202 | Cross-site Scripting vulnerability in Igniterealtime Openfire 4.6.0 Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS. | 3.5 |
| 2020-12-11 | CVE-2020-35127 | Cross-site Scripting vulnerability in Igniterealtime Openfire 4.6.0 Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS. | 3.5 |
| 2017-10-26 | CVE-2017-15911 | Cross-site Scripting vulnerability in Igniterealtime Openfire The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. | 3.5 |