Openfire 4.6.0 has Stored XSS vulnerabilities

Stored XSS

http://127.0.0.1:9090/plugins/bookmarks/create-bookmark.jsp

payload and alert(document.cookie)

If you can't trigger the vulnerability, you need to install some default plug-ins.

My email is eXB0aG5vQGdtYWlsLmNvbQ== Please contact us if you have any questions.