Xrogue

**Name of the Vulnerable Software and Affected Versions** Ignite Realtime Openfire versions 4.9.0 and earlier Ignite Realtime Openfire versions 4.8.0 and earlier **Description** The issue allows a remote attacker to escalate privileges via the `admin.authorizedJIDs` system property component or the ROOM CACHE component. **Recommendations** For versions 4.9.0 and earlier, consider disabling the `admin.authorizedJIDs` system property component until a patch is available. For versions 4.8.0 and earlier, restrict access to the ROOM CACHE component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ignite Realtime Openfire versions 4.9.0 and earlier Ignite Realtime Openfire versions 4.8.0 and earlier **Description** An issue in Ignite Realtime Openfire allows a remote attacker to escalate privileges via the ROOM CACHE component. **Recommendations** For versions 4.9.0 and earlier, update to a version later than 4.9.0. For versions 4.8.0 and earlier, update to a version later than 4.8.0. As a temporary workaround, consider restricting access to the ROOM CACHE component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** fileNice version 1.1 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `sstring` parameter, also known as the Search Box. **Recommendations** For fileNice version 1.1, avoid using the `sstring` parameter in the affected index.php file until a fix is available. As a temporary workaround, consider restricting access to the Search Box functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CMScout versions 2.09 and possibly other versions **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `search` parameter in the Search Site feature. **Recommendations** For CMScout version 2.09, consider restricting access to the Search Site feature until a fix is available. As a temporary workaround, avoid using the `search` parameter in the affected Search Site feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.