[MAVEN:GHSA-WX2W-8PQW-VP4G] Ignite Realtime Openfire allows Cross-site Scripting

Severity Moderate

Affected Packages 1

Fixed Packages 1

CVEs 1

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter. This issue was fixed in version 4.4.2.

Package	Affected Version
pkg:maven/org.igniterealtime.openfire/xmppserver	< 4.4.2

Package	Fixed Version
pkg:maven/org.igniterealtime.openfire/xmppserver	= 4.4.2

ID: MAVEN:GHSA-WX2W-8PQW-VP4G
Severity: moderate
URL: https://github.com/advisories/GHSA-wx2w-8pqw-vp4g
Published: 2022-05-24T17:11:49
(2 years ago)
Modified: 2023-02-02T05:03:54
(19 months ago)
Rights: Maven Security Team

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2019-20528
			https://www.netsparker.com/web-applications-advisories/ns-19-015-reflected-cross-site-scripting-in-openfire/
			https://github.com/advisories/GHSA-wx2w-8pqw-vp4g

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.igniterealtime.openfire/xmppserver	org.igniterealtime.openfire	xmppserver	< 4.4.2
Fixed	pkg:maven/org.igniterealtime.openfire/xmppserver	org.igniterealtime.openfire	xmppserver	= 4.4.2

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date