CVE-2019-20525: XSS
First published: Thu Mar 19 2020(Updated: )
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Igniterealtime Openfire | =4.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for Ignite Realtime Openfire 4.4.1?
The vulnerability ID for Ignite Realtime Openfire 4.4.1 is CVE-2019-20525.
What is the title of the vulnerability for Ignite Realtime Openfire 4.4.1?
The title of the vulnerability for Ignite Realtime Openfire 4.4.1 is 'Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver paramet…'.
What is the severity rating of CVE-2019-20525?
CVE-2019-20525 has a severity rating of 6.1 (medium).
How does the vulnerability in Ignite Realtime Openfire 4.4.1 occur?
The vulnerability in Ignite Realtime Openfire 4.4.1 occurs through XSS via the setup/setup-datasource-standard.jsp driver parameter.
Is there any reference to learn more about CVE-2019-20525?
Yes, you can learn more about CVE-2019-20525 at the following URL: https://www.netsparker.com/web-applications-advisories/ns-19-015-reflected-cross-site-scripting-in-openfire/
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/igniterealtime
- canonical/igniterealtime openfire
- version/igniterealtime openfire/4.4.1