Openfire 4.6.0 has Stored XSS vulnerabilities.
Install the “fastpath” plugin.
Click on “fastpath” and “create workgroup” http://localhost:9090/plugins/fastpath/workgroup-create.jsp
Create any workgroup and add queue -> insert payload in Name Of Queue: "> and create workgroup
XSS will be triggered.