Several Vulnerabilities published in Openfire 3.10.2

Hi,

several security issues have been published that should be addressed:

Openfire 3.10.2 Cross Site Request Forgery

https://packetstormsecurity.com/files/133554/Openfire-3.10.2-Cross-Site-Request- Forgery.html

Openfire 3.10.2 Cross Site Scripting

https://packetstormsecurity.com/files/133558/Openfire-3.10.2-Cross-Site-Scriptin g.html

Openfire 3.10.2 Privilege Escalation

https://packetstormsecurity.com/files/133559/Openfire-3.10.2-Privilege-Escalatio n.html

Openfire 3.10.2 Remote File Inclusion

https://packetstormsecurity.com/files/133560/Openfire-3.10.2-Remote-File-Inclusi on.html

Openfire 3.10.2 Arbitrary File Upload

https://packetstormsecurity.com/files/133561/Openfire-3.10.2-Arbitrary-File-Uplo ad.html

I just found these posted to SecurityFocus but not mentioned here in the forums.

1 Like

Filed as OF-941 Multiple vulnerabilities (XSS, CSRF and other) in Admin Console