Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1oMm1xLXA5cjUtd2g5NM4AAj9n

Moderate EPSS: 0.00471% (0.63541 Percentile) EPSS:
Permalink JSON

Ignite Realtime Openfire allows Cross-site Scripting

Affected Packages Affected Versions Fixed Versions
maven:org.igniterealtime.openfire:parent < 4.4.2 4.4.2
0 Dependent packages
2 Dependent repositories

Affected Version Ranges

All affected versions

4.2.0

All unaffected versions

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter. This issue was fixed in version 4.4.2.

References:

Identifiers

GHSA-h2mq-p9r5-wh94

CVE-2019-20525

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00471

EPSS Percentile: 0.63541

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Date and time

Published

over 3 years ago

Updated

almost 3 years ago

API

JSON