Uploaded image for project: 'Openfire'
  1. Openfire
  2. OF-942 CVE-2015-6972 CVE-2015-6973 Admin Console Security Improvements
  3. OF-1022

Reflected XSS vulnerability in muc-room-edit-form.jsp params in Admin Console

    XMLWordPrintable

    Details

      Description

      The following parameters in '/muc-room-edit-form.jsp' have been identified as being vulnerable to reflected XSS (Cross Site Scripting):

      • roomconfig_persistentroom
      • roomconfig_roomsecret
      • roomconfig_roomsecret2

      See the attached Burp Suite report for further details.

        Attachments

          Activity

            People

            • Assignee:
              dwd Dave Cridland
              Reporter:
              timd Tim Durden
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: