powered by Jive Software

Cross site scripting vulnerability in 3.4.5

Hi,

I stumbled on a xss vulnerability i openfire 3.4.5. After looking at the reported bugs and trying to find anything about it in the forum, I have concluded that this is a previously unknown vulnerability. The recommendation I’ve found is to post it in the forum, this just don’t feel right.

Where should i send the information about this?

Do you really want me to post it in the forum?

Best Regards,

Joel Soderberg

You should set the tag “bug_report” for this thread, so the developers will read it.

Do you really want me to post it in the forum?

I would say, wait until someone feels responsible and send a private message to him.

Thanks for your input Coolcat.

I’ve added the tag and a few more.

I wasn’t really going to post the information in the forum. Just hinting at the fact that someone working with openfire might want to set up a mail or similar point of contact for security issues. Posting security issues to an open forum is a really bad idea.

The project developers for Openfire are Daniel and Gato, so you might try looking them up. Also, the community group chat on Wed. at 10AM pacific is a good way to get in contact with the right people.