CVE-2006-7233

Ignite Realtime Openfire < 3.5.2 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.6.0, and possibly other versions before 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the url parameter.

References (6)

[Vendor Advisory] http://secunia.com/advisories/31483

[Third Party Advisory, VDB Entry] http://www.osvdb.org/47448

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/30696

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/44459

[Issue Tracking] http://www.igniterealtime.org/issues/browse/JM-430

[Issue Tracking] http://www.igniterealtime.org/issues/browse/JM-629

Scores

EPSS 0.0047

EPSS Percentile 64.5%

Classification

CWE

CWE-79

Status draft

Affected Products (2)

ignite_realtime/openfire < 3.5.2

ignite_realtime/openfire

Timeline

Published Dec 31, 2006

Tracked Since Feb 18, 2026