漏洞描述
Ignite Realtime Openfire是Ignite Realtime社区的一款采用Java开发且基于XMPP(前称Jabber,即时通讯协议)的跨平台开源实时协作(RTC)服务器,它能够构建高效率的即时通信服务器,并支持上万并发用户数量。 Ignite Realtime Openfire 4.6.0 存在跨站脚本漏洞,该漏洞源于plugins/dbaccess/db-access.jsp存储XSS。
Openfire /db-access.jsp 路径存在跨站脚本漏洞
PoC代码
暂无相关漏洞推荐
- POC nexus-repository-anonymous-access: Nexus Repository Manager - Anonymous Access Enabled
- CVE-2019-18394: Openfire Full Read SSRF
- bt742-pma-unauthorized-access: BT742 PMA Unauthorized Access
- (CVE-2025-9360)Linksys多款路由器accessControlAdd功能栈基缓冲区溢出漏洞
- POC CVE-2017-18496: Htaccess by BestWebSoft < 1.7.6 - Cross-Site Scripting
- POC CVE-2018-10738: NagiosXI <= 5.4.12 menuaccess.php - SQL injection
- POC CVE-2019-18393: Ignite Realtime Openfire <4.42 - Local File Inclusion
- POC CVE-2019-18394: Ignite Realtime Openfire <=4.4.2 - Server-Side Request Forgery
- POC CVE-2023-32315: Openfire Administration Console - Authentication Bypass
- POC unrestricted-rdp-access: Unrestricted - RDP Access
- POC unrestricted-ssh-access: Unrestricted - SSH Access
- POC access-logoss-disabled: Access Logging for OSS Buckets - Disabled
- POC limit-networkaccess-disabled: Limit Network Access to Selected Networks - Disabled