CVE-2020-35202: XSS
First published: Sat Dec 12 2020(Updated: )
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Igniterealtime Openfire | =4.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for Ignite Realtime Openfire 4.6.0?
The vulnerability ID for Ignite Realtime Openfire 4.6.0 is CVE-2020-35202.
What is the severity level of CVE-2020-35202?
The severity level of CVE-2020-35202 is medium with a CVSS score of 5.4.
What is the description of CVE-2020-35202?
CVE-2020-35202 is a Stored XSS vulnerability in the db-access.jsp file of Ignite Realtime Openfire 4.6.0.
What software version is affected by CVE-2020-35202?
The Ignite Realtime Openfire version 4.6.0 is affected by CVE-2020-35202.
Is there an exploit available for CVE-2020-35202?
Yes, there is an exploit available for CVE-2020-35202. You can find more information at https://www.exploit-db.com/exploits/49235.
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/igniterealtime
- canonical/igniterealtime openfire
- version/igniterealtime openfire/4.6.0