oss-sec mailing list archives

CVE request: Openfire <3.6.3 XSS vulnerabilities

From: Robert Buchholz <rbu () gentoo org>
Date: Wed, 4 Feb 2009 15:19:25 +0100

Openfire before 3.6.3 contains several reflected and persistent 
Cross-Site Scripting vulnerabilties, also possibly leading to 
server-side code execution, and a directory traversal.

https://bugs.gentoo.org/show_bug.cgi?id=257585
http://www.coresecurity.com/content/openfire-multiple-vulnerabilities
http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.html
http://www.igniterealtime.org/issues/browse/JM-1506

SVN revisions r10939 r10938 r10937 r10936 on 
http://svn.igniterealtime.org/svn/repos/openfire/trunk/ contain the 
fixes.

Attachment: signature.asc
Description: This is a digitally signed message part.

Current thread:

CVE request: Openfire <3.6.3 XSS vulnerabilities Robert Buchholz (Feb 04)
- Re: CVE request: Openfire <3.6.3 XSS vulnerabilities Steven M. Christey (Feb 09)