CVE-2020-24601

描述

In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page

受影響套件(1)

• Bitnami/openfire>= 4.5.1, <= 4.5.1

CVSS 分數

參考連結(2)

• WEBhttps://cybersecurityworks.com/zerodays/cve-2020-24601-ignite-realtime-openfire.html
• WEBhttps://issues.igniterealtime.org/browse/OF-1963