Vigil@nce - Openfire: two Cross Site Scripting
June 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can trigger two Cross Site Scripting in Openfire, in
order to execute JavaScript code in the context of the web site.
Impacted products: Openfire
Severity: 2/4
Creation date: 29/05/2013
DESCRIPTION OF THE VULNERABILITY
Two Cross Site Scripting were announced in Openfire.
An attacker can trigger a Cross Site Scripting in Security audit
logviewer, in order to execute JavaScript code in the context of
the web site. [severity:2/4; OF-595]
An attacker can trigger a Cross Site Scripting in
server2server.jsp, in order to execute JavaScript code in the
context of the web site. [severity:2/4; OF-671]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Openfire-two-Cross-Site-Scripting-12874