Main Vulnerability Database Vulnerabilities #VU46544

Cross-site scripting in Openfire - CVE-2020-24601

Published: September 2, 2020 / Updated: September 9, 2020

Vulnerability identifier: #VU46544

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-24601

CWE-ID: CWE-79

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Openfire

Software vendor:
Ignite Realtime

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page

Remediation

Install update from vendor's website.

External links

https://issues.igniterealtime.org/browse/OF-1963

Cross-site scripting in Openfire - CVE-2020-24601

Description

Remediation

External links

Please verify you're human