Stored Cross-site Vulnerability in Ignite Realtime Openfire 4.5.1: Arbitrary URL Execution via searchName and alias Parameters
CVE-2020-24601 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page
Learn more about our Web Application Penetration Testing UK.