Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2008-6510
Last Modified: 25 Mar 2009 04:21:45
Published: 23 Mar 2009 04:00:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-6510

Summary

Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to inject arbitrary web script or HTML via the url parameter.

Vulnerable Systems

Application

  • Igniterealtime Openfire 2.6.0

  • Igniterealtime Openfire 2.6.1

  • Igniterealtime Openfire 2.6.2

  • Igniterealtime Openfire 3.0.0

  • Igniterealtime Openfire 3.0.1

  • Igniterealtime Openfire 3.1.0

  • Igniterealtime Openfire 3.1.1

  • Igniterealtime Openfire 3.2.0

  • Igniterealtime Openfire 3.2.1

  • Igniterealtime Openfire 3.2.2

  • Igniterealtime Openfire 3.2.3

  • Igniterealtime Openfire 3.2.4

  • Igniterealtime Openfire 3.3.0

  • Igniterealtime Openfire 3.3.2

  • Igniterealtime Openfire 3.3.3

  • Igniterealtime Openfire 3.4.0

  • Igniterealtime Openfire 3.4.1

  • Igniterealtime Openfire 3.4.3

  • Igniterealtime Openfire 3.4.4

  • Igniterealtime Openfire 3.4.5

  • Igniterealtime Openfire 3.5.0

  • Igniterealtime Openfire 3.5.1

  • Igniterealtime Openfire 3.5.2

  • Igniterealtime Openfire 3.6.0

  • Igniterealtime Openfire 3.6.0a


References

XF - openfire-url-xss(46486)

VUPEN - ADV-2008-3061

BID - 32189

BUGTRAQ - 20081108 [AK-ADV2008-001] Openfire Jabber-Server: Multiple Vulnerabilities (Authentication Bypass, SQL injection, ...)

MILW0RM - 7075

CONFIRM - http://www.igniterealtime.org/issues/browse/JM-629

MISC - http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt


Last Updated: 27 May 2016 10:49:13