Back to all zero days
Multiple Cross-Site Scripting (XSS) in Openfire Product
Ignite Realtime Openfire
5th Feb, 2020
Proof of concept: (POC)
The following vulnerability was tested on Openfire version 4.5.0 Product.
Issue 01: Reflected cross-site scripting
Figure 01: Injected XSS payload '+accesskey='X'+onclick='alert(document.cookie), gets reflected in the browser response.
Issue 02: Reflected cross-site scripting