org.igniterealtime.openfire:parent
Maven11 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.igniterealtime.openfire:parentpage 1 of 1
- CVE-2008-1728NONECVSS 0.0EG 0.0✓ Fixed in 3.5.02008-04-11
ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote authenticated users to cause a denial of service (daemon outage) by triggering large outgoing queues without reading messages.
- CVE-2009-1595NONECVSS 0.0EG 0.0✓ Fixed in 3.6.42009-05-11
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.
- CVE-2014-2741NONECVSS 0.0EG 0.0✓ Fixed in 3.9.22014-04-11
nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XM…
- CVE-2017-15911MEDIUMCVSS 4.8EG 4.8✓ Fixed in 4.1.72017-10-26
The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may foll…
- CVE-2018-11688MEDIUMCVSS 6.1EG 6.1✓ Fixed in 3.9.22018-06-13
Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web bro…
- CVE-2019-18393MEDIUMCVSS 5.3EG 5.3✓ Fixed in 4.5.0-beta2019-10-24
vulnerable: 4.2.0
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
- CVE-2019-18394CRITICALCVSS 9.8EG 9.8✓ Fixed in 4.5.0-beta2019-10-24
vulnerable: 4.2.0
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.
- CVE-2019-20366MEDIUMCVSS 6.1EG 6.1✓ Fixed in 4.5.02020-01-08
vulnerable: 4.2.0
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents.
- CVE-2019-20525MEDIUMCVSS 6.1EG 6.1✓ Fixed in 4.4.22020-03-19
vulnerable: 4.2.0
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter.
- CVE-2019-20526MEDIUMCVSS 6.1EG 6.1✓ Fixed in 4.4.22020-03-19
vulnerable: 4.2.0
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter.
- CVE-2019-20527MEDIUMCVSS 6.1EG 6.1✓ Fixed in 4.4.22020-03-19
vulnerable: 4.2.0
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter.
Check whether org.igniterealtime.openfire:parent is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.igniterealtime.openfire:parent CVEs against the assets you own.
Start Free Scan →