powered by Jive Software

XSS in security audit viewer

Hi, I’d like to report a bug. There’s a XSS in openfire 3.7

When you create a new server property by admin console with XSS like "alert(‘Hello’);, there is no problem but when you go to the section security Audit Viewer, the xss start.

Thanks in advance


Thanks for the report. I have filed this as OF-595. Maybe someone will look at this at some point.

Fixed for 3.8.2.