Stavros Manis

Researcher fromLRQA
#12504of 53,632
21.8Total CVSS
Vulnerabilities · 3
Medium
1
High
1
Critical
1
PT-2024-20933
7.2
2024-03-26
Ignite Realtime · Openfire · CVE-2024-25420
**Name of the Vulnerable Software and Affected Versions** Ignite Realtime Openfire versions 4.9.0 and earlier Ignite Realtime Openfire versions 4.8.0 and earlier **Description** The issue allows a remote attacker to escalate privileges via the `admin.authorizedJIDs` system property component or the ROOM CACHE component. **Recommendations** For versions 4.9.0 and earlier, consider disabling the `admin.authorizedJIDs` system property component until a patch is available. For versions 4.8.0 and earlier, restrict access to the ROOM CACHE component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-20934
9.8
2024-03-26
Ignite Realtime · Openfire · CVE-2024-25421
**Name of the Vulnerable Software and Affected Versions** Ignite Realtime Openfire versions 4.9.0 and earlier Ignite Realtime Openfire versions 4.8.0 and earlier **Description** An issue in Ignite Realtime Openfire allows a remote attacker to escalate privileges via the ROOM CACHE component. **Recommendations** For versions 4.9.0 and earlier, update to a version later than 4.9.0. For versions 4.8.0 and earlier, update to a version later than 4.8.0. As a temporary workaround, consider restricting access to the ROOM CACHE component until a patch is available.
PT-2022-11976
4.8
2022-09-15
Crushftp · Crushftp · CVE-2021-44076
**Name of the Vulnerable Software and Affected Versions** CrushFTP version 9 **Description** An issue was discovered in the creation of a new user through the "/WebInterface/UserManager/" interface, allowing an attacker with access to the administration panel to perform Stored Cross-Site Scripting (XSS). The payload can be executed in multiple scenarios, for example, when the user's page appears in the Most Visited section of the page. **Recommendations** For CrushFTP version 9, consider disabling the user creation feature through the /WebInterface/UserManager/ interface until a patch is available to prevent Stored Cross-Site Scripting (XSS) attacks. Restrict access to the administration panel to minimize the risk of exploitation. Avoid using the `/WebInterface/UserManager/` interface for user creation until the issue is resolved.