CVE-2015-6972
Published 2015-09-16
Priority: P4 25; severity: medium; CVSS 2.0 score: 4.3
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 8.00% (94.0th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName parameter to plugins/clientcontrol/create-bookmark.jsp; the (3) hostname parameter to server-session-details.jsp; or the (4) search parameter to group-summary.jsp.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| igniterealtime | openfire | — | — |
http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt
http://packetstormsecurity.com/files/133558/Openfire-3.10.2-Cross-Site-Scripting.html
https://security.gentoo.org/glsa/201612-50
https://www.exploit-db.com/exploits/38191/