CVE-2005-4876: XSS
First published: Sat Dec 31 2005(Updated: )
Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other versions before 2.3.0 Beta 2, allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-4877.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openfire | =2.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2005-4876?
CVE-2005-4876 is classified as a medium severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2005-4876?
To fix CVE-2005-4876, upgrade Openfire to version 2.3.0 Beta 2 or later.
What software versions are affected by CVE-2005-4876?
CVE-2005-4876 affects Openfire versions prior to 2.3.0 Beta 2, specifically 2.2.2.
What type of attack does CVE-2005-4876 allow?
CVE-2005-4876 allows remote attackers to inject arbitrary web script or HTML into the login form.
Where is CVE-2005-4876 found in the Openfire application?
CVE-2005-4876 is found in the login form located in login.jsp of the admin console.
- agent/references
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/ignite realtime
- canonical/openfire
- version/openfire/2.2.2