Ignite Realtime · Openfire · CVE-2020-35200
**Name of the Vulnerable Software and Affected Versions**
Ignite Realtime Openfire version 4.6.0
**Description**
The issue is related to a reflected cross-site scripting (XSS) vulnerability in the plugins/clientcontrol/spark-form.jsp file.
**Recommendations**
For Ignite Realtime Openfire version 4.6.0, consider restricting access to the spark-form.jsp file as a temporary workaround until a patch is available.
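
One way to check that the access restriction is actually in effect, as an added example (not code from this advisory or from the Openfire project): the script reads combined-format request-log lines and reports requests for spark-form.jsp that came from outside an allowlisted admin subnet or carried markup characters in the query string. The log format, the 10.0.5.0/24 subnet, the parameter name `x` and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote_plus

TARGET = "/plugins/clientcontrol/spark-form.jsp"  # file named in the advisory
ALLOWED_NETS = [ipaddress.ip_network("10.0.5.0/24")]  # assumption: admin subnet
# Combined-log-style line: client ident user [time] "METHOD URI PROTO" status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<uri>\S+) [^"]*" (?P<status>\d{3})')
MARKUP_RE = re.compile(r"[<>\"']|javascript:", re.IGNORECASE)
# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    '10.0.5.12 - admin [12/Jan/2021:10:01:02 +0000] "GET /plugins/clientcontrol/spark-form.jsp HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Jan/2021:10:02:10 +0000] "GET /plugins/clientcontrol/spark-form.jsp?x=%253Cscript%253E HTTP/1.1" 200 5301',
    '203.0.113.9 - - [12/Jan/2021:10:03:44 +0000] "GET /plugins/clientcontrol/spark-form.jsp?x=1 HTTP/1.1" 403 0',
    '10.0.5.12 - admin [12/Jan/2021:10:04:00 +0000] "GET /index.jsp HTTP/1.1" 200 100',
]

def decode_fully(value, rounds=3):
    # Undo up to `rounds` layers of URL encoding so %253C is seen as '<'.
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_allowed(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:  # hostname or garbage in the client field
        return False
    return any(ip in net for net in ALLOWED_NETS)

def audit(lines):
    """Return requests to TARGET from outside ALLOWED_NETS or carrying markup."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path, _, query = m["uri"].partition("?")
        if decode_fully(path).split(";")[0] != TARGET:  # drop ;jsessionid=...
            continue
        outside = not is_allowed(m["ip"])
        markup = bool(MARKUP_RE.search(decode_fully(query)))
        if outside or markup:
            findings.append({"ip": m["ip"], "outside_allowlist": outside,
                             "markup_in_query": markup,
                             "served": int(m["status"]) < 400})
    return findings
```

A finding with `outside_allowlist` and `served` both true means the restriction is not being enforced for that client.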