Hi,
A security scan was done on Openfire 3.7.1 & 3.9.1, similar security issues were found and logged in the scan report !@ attached.
Thanks.
XMPP3.9.1_SecurityIssues.xlsx (13541 Bytes)
You should run these tests against the latest version (3.9.3). 3.9.2 and 3.9.3 had numerous security fixes, so some of these issues probably have been fixed.