AVG-15 log
| Package | openfire |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 4.0.4-1 |
| Fixed | 4.1.0-1 |
| Current | 4.9.2-1 [extra] |
| Ticket | None |
| Created | Sun Sep 18 15:54:47 2016 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2015-7707 | High | Yes | Privilege escalation | Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit- form.jsp. |
| CVE-2015-6973 | Medium | Yes | Cross-site request forgery | Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of... |
| CVE-2015-6972 | Medium | Yes | Cross-site scripting | Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 23 Dec 2016 | ASA-201612-21 | openfire | multiple issues |