A possible security issue in Openfire

Georgina_Robinson · January 22, 2008, 11:07pm

During a company exercise in testing our products, we found cross-site scripting vulnerability and a javascript hijacking vulnerability in the Openfire source.

We would like to provide you the details privately over email. Can someone in development reply privately and we can get the information to you?

Thanks.

Gaston_Dombiak · January 23, 2008, 6:48am

Hey grgna,

Please send me an email to gaston at jivesoftware.com. I will file an issue for Openfire 3.5.0 for this problem.

Thanks,

– Gato

Ryan_Graham · January 23, 2008, 4:26pm

Hey Gato,

It would also be nice to see JM-629 fixed too as we’ve had a couple of organizations express their concern about it.

Cheers,

Ryan