A reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. It allows remote attackers to inject arbitrary web script or HTML via the GET request parameters "searchName", "searchValue", "searchDescription", "searchDefaultValue", "searchPlugin", "searchDescription" and "searchDynamic" in server-properties.jsp and security-audit-viewer.jsp.
References
Link | Resource |
---|---|
https://cybersecurityworks.com/zerodays/cve-2020-24604-ignite-realtime-openfire.html | Exploit Third Party Advisory |
https://issues.igniterealtime.org/browse/OF-1963 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-09-02T14:40:05
Updated: 2020-10-28T19:33:17
Reserved: 2020-08-24T00:00:00
Link: CVE-2020-24604
NVD Information
Status: Analyzed
Published: 2020-09-02T15:15:10.457
Modified: 2020-11-10T19:39:25.570
Link: CVE-2020-24604
Redhat Information
No data.
CWE