EPSS
Percentile
52.8%
xmppserver is vulnerable to directory traversal. Lack of validation of file names in the handleOtherRequest function in PluginServlet.java allows an attacker to retrieve local system files.
handleOtherRequest
PluginServlet.java
github.com/igniterealtime/Openfire/pull/1498