oss-sec mailing list archives
CVE request: Openfire <3.6.3 XSS vulnerabilities
From: Robert Buchholz <rbu () gentoo org>
Date: Wed, 4 Feb 2009 15:19:25 +0100
Openfire before 3.6.3 contains several reflected and persistent Cross-Site Scripting vulnerabilties, also possibly leading to server-side code execution, and a directory traversal. https://bugs.gentoo.org/show_bug.cgi?id=257585 http://www.coresecurity.com/content/openfire-multiple-vulnerabilities http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.html http://www.igniterealtime.org/issues/browse/JM-1506 SVN revisions r10939 r10938 r10937 r10936 on http://svn.igniterealtime.org/svn/repos/openfire/trunk/ contain the fixes.
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVE request: Openfire <3.6.3 XSS vulnerabilities Robert Buchholz (Feb 04)
- Re: CVE request: Openfire <3.6.3 XSS vulnerabilities Steven M. Christey (Feb 09)