pkg:Bitnami/openfire

All known vulnerabilities

• HIGH8.6CVE-2023-32315⚠ KEVAdministration Console authentication bypass in openfire xmppserver
  >= 3.10.0, < 4.6.8, >= 4.7.0, < 4.7.5
• CRITICAL9.8CVE-2021-45967An issue was discovered in Pascom Cloud Phone System before 7.20.x.
  from 0, < 4.5.0 | >= 4.5.0, <= 4.5.0
• MEDIUM6.1CVE-2020-24601In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulner…
  >= 4.5.1, <= 4.5.1
• MEDIUM6.1CVE-2020-24602Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious U…
  >= 4.5.1, <= 4.5.1
• MEDIUM6.1CVE-2020-24604A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1.
  >= 4.5.1, <= 4.5.1
• MEDIUM6.1CVE-2020-35200Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS.
  >= 4.6.0, <= 4.6.0
• MEDIUM5.4CVE-2020-35127Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS.
  >= 4.6.0, <= 4.6.0
• MEDIUM5.4CVE-2020-35199Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS.
  >= 4.6.0, <= 4.6.0
• MEDIUM5.4CVE-2020-35201Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS.
  >= 4.6.0, <= 4.6.0
• MEDIUM5.4CVE-2020-35202Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.
  >= 4.6.0, <= 4.6.0