openfire

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description High performance XMPP (Jabber) server.
Version 4.2.3-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-15 4.0.4-1 4.1.0-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2015-7707 AVG-15 High Yes Privilege escalation
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit- form.jsp.
CVE-2015-6973 AVG-15 Medium Yes Cross-site request forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of...
CVE-2015-6972 AVG-15 Medium Yes Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the...

Advisories

Date Advisory Group Severity Description
23 Dec 2016 ASA-201612-21 AVG-15 High multiple issues