Stored Cross-site Vulnerability in Ignite Realtime Openfire 4.5.1: Arbitrary URL Execution via searchName and alias Parameters

Stored Cross-site Vulnerability in Ignite Realtime Openfire 4.5.1: Arbitrary URL Execution via searchName and alias Parameters

CVE-2020-24601 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page

Learn more about our Web Application Penetration Testing UK.