PT-2018-10749 · Ignite Realtime · Openfire

Yavuz Atlas

·

Publicado

2018-06-13

·

Atualizado

2022-05-14

·

CVE-2018-11688

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Openfire versions prior to 3.9.2
Description The issue is caused by improper validation of user-supplied input, leading to cross-site scripting. A remote attacker could exploit this via a crafted URL to execute script in a victim's Web browser, potentially stealing the victim's cookie-based authentication credentials.
Recommendations For versions prior to 3.9.2, update to version 3.9.2 or later to resolve the issue.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2018-11688
GHSA-JPHJ-5G3M-W7X6

Produtos afetados

Openfire