Multiple Reflected Cross-Site Scripting (XSS) in Openfire Product
Dec 31, 2019
Proof of concept: (POC)
The following vulnerability was tested on Openfire version 4.4.4.
Issue 01: Reflected cross-site scripting:
Figure 01: Save the import CA certificate alias information (here Alias is ‘reflected XSS’).
Figure 02: Add XSS payload to the variable “Alias.”
Figure 03: HTTP Response for the modified “alias” variable with the XSS payload.
Figure 04: Injected XSS payload, "><script>alert(document.cookie)</script>, gets reflected in the browser response.
- Stealing cookies
- End-user files disclosure.
- Redirection of the user to some other page or site.
Perform context-sensitive encoding of untrusted input before it is echoed back to a browser, using an encoding library. Implement input validation for special characters on all variables that are reflected to the browser and stored in the database. Implement client-side validation.
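The encoding and validation recommended above, as an added example that is not part of the original advisory and is not Openfire's code. The `<input>` markup, the allow-list pattern and all class and method names are assumptions made for illustration; a production fix would use a maintained encoding library rather than this hand-written encoder.

```java
import java.util.regex.Pattern;

public class AliasEcho {
    // Assumed allow-list for a certificate alias (not taken from Openfire).
    private static final Pattern ALIAS = Pattern.compile("[A-Za-z0-9 _.-]{1,64}");

    static boolean isValidAlias(String alias) {
        return alias != null && ALIAS.matcher(alias).matches();
    }

    // Every character that is not an ASCII letter or digit becomes a numeric
    // character reference, which is safe in HTML text and quoted attributes.
    static String encodeForHtml(String input) {
        StringBuilder out = new StringBuilder();
        input.codePoints().forEach(cp -> {
            boolean alnum = (cp >= 'a' && cp <= 'z') || (cp >= 'A' && cp <= 'Z')
                    || (cp >= '0' && cp <= '9');
            if (alnum) {
                out.appendCodePoint(cp);
            } else {
                out.append("&#x").append(Integer.toHexString(cp)).append(';');
            }
        });
        return out.toString();
    }

    // Unsafe: the request parameter is concatenated into the markup as-is,
    // so a quote in the value closes the attribute and the rest is parsed as HTML.
    static String renderUnsafe(String alias) {
        return "<input name=\"alias\" value=\"" + alias + "\">";
    }

    // Hardened: values outside the allow-list are dropped, and whatever is
    // echoed is encoded for the attribute context it lands in.
    static String renderSafe(String alias) {
        String value = isValidAlias(alias) ? alias : "";
        return "<input name=\"alias\" value=\"" + encodeForHtml(value) + "\">";
    }

    public static void main(String[] args) {
        String payload = "\"><script>alert(document.cookie)</script>"; // from Figure 04
        System.out.println(renderUnsafe(payload));       // raw reflection
        System.out.println(encodeForHtml(payload));      // encoder output alone
        System.out.println(renderSafe("reflected XSS")); // valid alias, encoded
        System.out.println(renderSafe(payload));         // rejected by the allow-list
    }
}
```

Validation and encoding are kept as separate steps on purpose: the encoder still protects any page that echoes a value the validator was never applied to.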
Dec 30, 2019: Vulnerability Discovered in OpenFire
Dec 31, 2019: Vulnerability Reported to Vendor
Dec 31, 2019: Vendor Responded
Dec 31, 2019: Vendor Released Fix
Jan 08, 2020: CVE Assigned
Cyber Security Works Pvt. Ltd.
- Affected Vendor: Openfire
- Bug Name: Multiple Reflected Cross-Site Scripting (XSS)
- CVE Number: CVE-2019-20363
- CWE ID: CWE-79
- CSW ID: 2019-CSW-12-1033
- CVSSv3 Score: 6.1
- Affected Version: 4.4.4
- Affected Product: Ignite Realtime