AVG-15

Package openfire
Status Fixed
Severity High
Type multiple issues
Affected 4.0.4-1
Fixed 4.1.0-1
Current 4.2.2-1 [community]
Ticket None
Created Sun Sep 18 15:54:47 2016
Issue Severity Remote Type Description
CVE-2015-7707 High Yes Privilege escalation
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp.
CVE-2015-6973 Medium Yes Cross-site request forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of...
CVE-2015-6972 Medium Yes Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the...
Date Advisory Package Description
23 Dec 2016 ASA-201612-21 openfire multiple issues