org.igniterealtime.openfire:xmppserver
Maven · 6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.igniterealtime.openfire:xmppserver
- CVE-2019-15488 · MEDIUM · CVSS 6.1 · EG 6.1 · ✓ Fixed in 4.4.1 · 2019-08-23
vulnerable: 4.2.0
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.
- CVE-2019-20528 · MEDIUM · CVSS 6.1 · EG 6.1 · ✓ Fixed in 4.4.2 · 2020-03-18
vulnerable: 4.2.0
Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter.
- CVE-2023-32315 · HIGH · CVSS 8.6 · EG 9.0 · ⚠ KEV · ✓ Fixed in 4.7.5 · 2023-05-26
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauth…
- CVE-2024-25420 · HIGH · CVSS 7.2 · EG 7.2 · ✓ Fixed in 4.8.1 · 2024-03-26
vulnerable: 4.2.0
An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component.
- CVE-2024-25421 · CRITICAL · CVSS 9.8 · EG 9.8 · ✓ Fixed in 4.8.1 · 2024-03-26
vulnerable: 4.2.0
An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component.
- CVE-2025-59154 · MEDIUM · CVSS 5.9 · EG 5.9 · ✓ Fixed in 5.0.2 · 2025-09-15
vulnerable: 4.2.0
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire’s SASL EXTERNAL mechanism for client TLS authentication contains a vulnerability in how it extracts user identities from X.509 certificates. Instead of pa…