org.igniterealtime.openfire:parent (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.igniterealtime.openfire:parent, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2019-18394 — CVSS 9.8 (critical): A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to…
CVE-2014-2741 — CVSS 7.8 (high): nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML…
CVE-2019-20366 — CVSS 6.1 (medium): An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents.
CVE-2018-11688 — CVSS 6.1 (medium): Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote…
CVE-2019-20525 — CVSS 6.1 (medium): Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter.
CVE-2019-20526 — CVSS 6.1 (medium): Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter.
CVE-2019-20527 — CVSS 6.1 (medium): Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter.
CVE-2019-18393 — CVSS 5.3 (medium): PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home…
CVE-2017-15911 — CVSS 4.8 (medium): The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who…
CVE-2008-1728 — CVSS 4.0 (medium): ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote authenticated users to cause a denial of service (daemon outage)…
CVE-2009-1595 — CVSS 4.0 (medium): The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to…