powered by Jive Software

A possible security issue in Openfire

During a company exercise in testing our products, we found cross-site scripting vulnerability and a javascript hijacking vulnerability in the Openfire source.

We would like to provide you the details privately over email. Can someone in development reply privately and we can get the information to you?


Hey grgna,

Please send me an email to gaston at jivesoftware.com. I will file an issue for Openfire 3.5.0 for this problem.


– Gato

Hey Gato,

It would also be nice to see JM-629 fixed too as we’ve had a couple of organizations express their concern about it.