Ignite Realtime Openfire — known CVE vulnerabilities
Every CVE whose affected-product data names Ignite Realtime Openfire, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2007-2975 — CVSS 7.5 (high): The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml…
CVE-2005-4876 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and…
CVE-2005-4877 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.3.0 Beta 2…
CVE-2006-7233 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.6.0, and…
CVE-2009-0496 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.6.2 allow remote attackers to inject arbitrary web script…
CVE-2008-1728 — CVSS 4.0 (medium): ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote authenticated users to cause a denial of service (daemon outage)…