CVE-2020-24601

Name of the Vulnerable Software and Affected Versions Openfire version 4.5.1

Description A Stored Cross-site issue allows an attacker to execute an arbitrary malicious URL via the vulnerable searchName and alias parameters in the import certificate trusted page, specifically through a POST request.

Recommendations For Openfire version 4.5.1, as a temporary workaround, consider restricting access to the import certificate trusted page until a patch is available. Avoid using the searchName and alias parameters in the affected POST request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.