CVE-2005-4877

Openfire 2.3.0 Beta 2 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.3.0 Beta 2 allows remote attackers to inject arbitrary web script or HTML via Javascript events in the username parameter, a different vulnerability than CVE-2005-4876.

References (2)

[Issue Tracking] http://www.igniterealtime.org/issues/browse/JM-430

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/44690

Scores

EPSS 0.0022

EPSS Percentile 45.0%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

ignite_realtime/openfire

Timeline

Published Dec 31, 2005

Tracked Since Feb 18, 2026