CVE-2020-24604
Last modified
CVE-2020-24604 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescription" and "searchDynamic" in server-properties.jsp and security-audit-viewer.jsp. EPSS estimates a 1.17% chance of exploitation in the next 30 days.
Description
A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescription" and "searchDynamic" in server-properties.jsp and security-audit-viewer.jsp
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Igniterealtime | Openfire | 4.5.1 |
References
- https://cybersecurityworks.com/zerodays/cve-2020-24604-ignite-realtime-openfire.htmlExploit, Third Party Advisory
- https://issues.igniterealtime.org/browse/OF-1963Vendor Advisory
- https://cybersecurityworks.com/zerodays/cve-2020-24604-ignite-realtime-openfire.htmlExploit, Third Party Advisory
- https://issues.igniterealtime.org/browse/OF-1963Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-24604?
How severe is CVE-2020-24604?
How do I fix CVE-2020-24604?
Are you affected by CVE-2020-24604?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST