Can one of the openfire devs hit me up. Found a bug in your software, might want to fix it and whatnot.
~JM
Are you speaking about XSS vulnerability in Admin Console? This is a known issue and already reported a few times. Some of these issues are addressed in 3.7.0 Beta. Can’t say when and how will be addressed the other ones. We don’t have enough manpower here, only volunteers. In future, if you’ll find some other vulnerabilities you can send your report to security at igniterealtime.org mailing list.
If you have a patch for this issue you can also send it into mailing list.