
Openfire 4.6.0 - Cross-Site Scripting (XSS) in fastpath-plugin

Openfire 4.6.0 has Stored XSS vulnerabilities.

Install the “fastpath” plugin.
Click on “fastpath” and “create workgroup” http://localhost:9090/plugins/fastpath/workgroup-create.jsp
Create any workgroup and add queue -> insert payload in Name Of Queue: "> and create workgroup
XSS will be triggered.
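
A defensive sketch of the fix class for this report, added here as an example; it is not code from the post, from Openfire or from the fastpath plugin. It assumes the stored queue name is written into a quoted HTML attribute (inferred from the `">` prefix in the report), and every class, method and field name in it is hypothetical.

```java
// Added example: hypothetical names throughout, not Openfire or fastpath code.
public class QueueNameEncoding {

    // Encode a value for HTML text or a quoted attribute at output time.
    static String encodeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // "Before": the stored name is concatenated straight into the attribute,
    // so a quote in the name ends the attribute and the rest is parsed as markup.
    static String renderUnsafe(String queueName) {
        return "<input type=\"text\" name=\"queueName\" value=\"" + queueName + "\">";
    }

    // "After": same markup, with the value encoded where it is written out.
    static String renderSafe(String queueName) {
        return "<input type=\"text\" name=\"queueName\" value=\"" + encodeHtml(queueName) + "\">";
    }

    public static void main(String[] args) {
        // Constructed sample: the "> prefix from the report plus a harmless marker tag.
        String stored = "\"><b>marker</b>";
        System.out.println(renderUnsafe(stored));
        System.out.println(renderSafe(stored));

        // The encoded value must carry no raw quote or angle bracket.
        String encoded = encodeHtml(stored);
        if (encoded.contains("\"") || encoded.contains("<") || encoded.contains(">")) {
            throw new IllegalStateException("encoding incomplete");
        }
    }
}
```

Encoding belongs at the point of output rather than only at input, because names already stored before a fix would otherwise still render unescaped.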