CVE-2019-20364

Name of the Vulnerable Software and Affected Versions Ignite Realtime Openfire version 4.4.4

Description A cross-site scripting (XSS) issue was discovered in Ignite Realtime Openfire. The issue is related to the cacheName parameter in the SystemCacheDetails.jsp page.

Recommendations For Ignite Realtime Openfire version 4.4.4, as a temporary workaround, consider restricting access to the SystemCacheDetails.jsp page until a patch is available. Avoid using the cacheName parameter in this page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.