CVE-2015-6972 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Cross-site scripting |
| Description | Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName parameter to plugins/clientcontrol/create-bookmark.jsp; the (3) hostname parameter to server-session-details.jsp; or the (4) search parameter to group-summary.jsp. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-15 | openfire | 4.0.4-1 | 4.1.0-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 23 Dec 2016 | ASA-201612-21 | AVG-15 | openfire | High | multiple issues |
| References |
|---|
http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt https://igniterealtime.org/issues/browse/OF-942 |