During a company exercise in testing our products, we found cross-site scripting vulnerability and a javascript hijacking vulnerability in the Openfire source.
We would like to provide you the details privately over email. Can someone in development reply privately and we can get the information to you?
Thanks.