CVE-2019-15488
MEDIUMOpenfire < 4.4.1 - Reflected Cross-Site Scripting via LDAP Setup Test
Title source: llmDescription
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/igniterealtime/Openfire/compare/cd0a573...5e5d9e5
Patch, Third Party Advisory x_refsource_misc
https://github.com/igniterealtime/Openfire/pull/1441
Scores
CVSS v3
6.1
EPSS
0.0091
EPSS Percentile
55.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
igniterealtime/openfire
< 4.4.1
org.igniterealtime.openfire/xmppserver
0 - 4.4.1Maven
Published
Aug 23, 2019
Tracked Since
Feb 18, 2026