CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 0CVE-2009-0934
https://notcve.org/view.php?id=CVE-2009-0934
Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en ejabberd anterior a v2.0.4 permite a atacantes inyectar secuencias de comandos web o HTML de su elección a través de vectores desconocidos relacionados con enlaces y MUC logs. • http://osvdb.org/52714 http://secunia.com/advisories/34340 http://secunia.com/advisories/34354 http://secunia.com/advisories/34781 http://www.debian.org/security/2009/dsa-1774 http://www.openwall.com/lists/oss-security/2009/03/16/1 http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_204 http://www.securityfocus.com/bid/34133 https://exchange.xforce.ibmcloud.com/vulnerabilities/49289 https://www.redhat.com/archives/fedora-package-announce/2009-March/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2007-0903
https://notcve.org/view.php?id=CVE-2007-0903
Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors. Vulnerabilidad no especificada en el módulo mod_roster_odbc de ejabberd anterior a 1.1.3 tiene impacto y vectores de ataque desconocidos. • http://osvdb.org/33179 http://secunia.com/advisories/24075 http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_113 http://www.securityfocus.com/bid/22525 http://www.vupen.com/english/advisories/2007/0570 https://exchange.xforce.ibmcloud.com/vulnerabilities/32437 •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2006-2221
https://notcve.org/view.php?id=CVE-2006-2221
A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer. Una herramienta de generación de instaladores de terceros, posiblemente BitRock InstallBuilder, usada en productos como Process-one ejabberd 1.1.1_1 y anteriores, genera un instalador que permite a usuarios locales causar una denegación de servicio mediante un ataque de enlaces simbólicos en el fichero temporal bitrock_installer.log. NOTA: Es posible que esta vulnerabilidad esté presente en otros productos que utilicen este instalador. • http://secunia.com/advisories/19928 http://secunia.com/advisories/19954 http://www.osvdb.org/25215 http://www.securityfocus.com/archive/1/432719/100/0/threaded http://www.securityfocus.com/archive/1/432870/100/0/threaded http://www.securityfocus.com/bid/17804 http://www.vupen.com/english/advisories/2006/1642 http://www.vupen.com/english/advisories/2006/1659 https://exchange.xforce.ibmcloud.com/vulnerabilities/26221 https://exchange.xforce.ibmcloud.com/vulnerabilities/26261 •