CVE-2020-24604
Summary
| CVE | CVE-2020-24604 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-09-02 15:15:00 UTC |
| Updated | 2020-11-10 19:39:00 UTC |
| Description | A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "searchDefaultValue", "searchPlugin", "searchDescription" and "searchDynamic" in server-properties.jsp and security-audit-viewer.jsp. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Igniterealtime | Openfire | 4.5.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2020-24604 - Multiple Cross Site Scripting (XSS) in Openfire Product | MISC | cybersecurityworks.com | Exploit, Third Party Advisory |
| [OF-1963] Cross Site Scripting (XSS) issues - CSW Document No: C1055 CVE-2020-24601 CVE-2020-24602 CVE-2020-24604 - Ignite Realtime Jira | MISC | issues.igniterealtime.org | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.