Description
Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to inject arbitrary web script or HTML via the url parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Andreas Kurtz · text · webapps · jsp
https://www.exploit-db.com/exploits/7075
References (7)
Core References
Issue Tracking x_refsource_confirm
http://www.igniterealtime.org/issues/browse/JM-629
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/7075
Exploit x_refsource_misc
http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46486
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/32189
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/498162/100/0/threaded
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3061
Scores
EPSS
0.0502
EPSS Percentile
89.8%
Details
CWE
CWE-79
Status
published
Products (25)
igniterealtime/openfire 2.6.0
igniterealtime/openfire 2.6.1
igniterealtime/openfire 2.6.2
igniterealtime/openfire 3.0.0
igniterealtime/openfire 3.0.1
igniterealtime/openfire 3.1.0
igniterealtime/openfire 3.1.1
igniterealtime/openfire 3.2.0
igniterealtime/openfire 3.2.1
igniterealtime/openfire 3.2.2
... and 15 more
Published
Mar 23, 2009
Tracked Since
Feb 18, 2026