Description
Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS.
Remediation
References
https://discourse.igniterealtime.org/t/openfire-4-6-0-has-reflective-xss-vulnerabilities/89296
Related Vulnerabilities
CVE-2023-35160 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2022-41928 Vulnerability in maven package org.xwiki.platform:xwiki-platform-attachment-ui
CVE-2021-23443 Vulnerability in npm package edge.js
CVE-2023-40311 Vulnerability in maven package org.opennms:opennms-webapp