CVE Tools

igniterealtime

Communicationsoss-project

30

Cumulative CVEs

10

Monthly snapshots

#24

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting igniterealtime.

CVE-2020-36956Openfire 4.6.0 - 'path' Stored XSS6.4Jan 26, 2026
CVE-2025-59154Openfire allows potential identity spoofing via unsafe CN parsing5.9Sep 15, 2025
CVE-2024-25421An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component.9.8Mar 26, 2024
CVE-2024-25420An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component.7.2Mar 26, 2024
CVE-2023-32315Openfire administration console authentication bypassKEV8.6May 26, 2023
CVE-2021-45967An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintend...9.8Mar 18, 2022
CVE-2020-35199Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS.5.4Dec 12, 2020
CVE-2020-35200Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS.6.1Dec 12, 2020
CVE-2020-35202Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.5.4Dec 12, 2020
CVE-2020-35201Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS.5.4Dec 12, 2020
CVE-2020-35127Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS.5.4Dec 11, 2020
CVE-2020-24601In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import cer...6.1Sep 2, 2020
CVE-2020-24604A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request "sea...6.1Sep 2, 2020
CVE-2020-24602Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameter searchName", "searchVa...6.1Sep 2, 2020
CVE-2020-12772An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP addr...8.8May 12, 2020