CVE-2008-6510

Openfire < 3.6.0a - Cross-Site Scripting via Admin Console Login URL Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6510. PoCs published by Andreas Kurtz.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in Openfire Server <= 3.6.0a, including authentication bypass, SQL injection, and XSS. It provides technical descriptions and proof-of-concept examples for each vulnerability.

Description

Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to inject arbitrary web script or HTML via the url parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Andreas Kurtz · textwebappsjsp

https://www.exploit-db.com/exploits/7075

View Code ZIP pw:eip

This advisory details multiple vulnerabilities in Openfire Server <= 3.6.0a, including authentication bypass, SQL injection, and XSS. It provides technical descriptions and proof-of-concept examples for each vulnerability.

Classification

Writeup 100%

Attack Type

Auth Bypass | Sqli | Xss

Complexity

Moderate

Reliability

Reliable

Target: Openfire Server <= 3.6.0a

No auth needed

Prerequisites: Access to the Openfire admin interface · SIP plugin installation for SQLi exploitation

MITRE ATT&CK