Description
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page.
Remediation
References
https://cybersecurityworks.com/zerodays/cve-2019-20365-openfire.html
https://github.com/igniterealtime/Openfire/pull/1561
https://issues.igniterealtime.org/browse/OF-1955
Related Vulnerabilities
CVE-2020-7709 Vulnerability in npm package json-pointer
CVE-2021-40525 Vulnerability in maven package org.apache.james:james-server
CVE-2020-11022 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery
CVE-2023-47321 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web
CVE-2019-17570 Vulnerability in maven package org.apache.xmlrpc:xmlrpc