CVE-2019-15488

MEDIUM

Openfire < 4.4.1 - Reflected Cross-Site Scripting via LDAP Setup Test

Title source: llm
STIX 2.1

Description

Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.

References (2)

Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/igniterealtime/Openfire/compare/cd0a573...5e5d9e5
Patch, Third Party Advisory x_refsource_misc
https://github.com/igniterealtime/Openfire/pull/1441

Scores

CVSS v3 6.1
EPSS 0.0091
EPSS Percentile 55.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
igniterealtime/openfire < 4.4.1
org.igniterealtime.openfire/xmppserver 0 - 4.4.1Maven
Published Aug 23, 2019
Tracked Since Feb 18, 2026