CVE-2008-6510
Openfire Server 3.6.0a - Authentication Bypass / SQL Injection / Cross-Site Scripting
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to inject arbitrary web script or HTML via the url parameter.
Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en login.jsp en la Consola de Administración de Openfire 3.6.0a y anteriores permite a atacantes remotos inyectar HTML o scripts web arbitrarios a través del parámetro URL.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-03-23 CVE Reserved
- 2009-03-23 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.igniterealtime.org/issues/browse/JM-629 | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/498162/100/0/threaded | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46486 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/7075 | 2024-08-07 | |
| http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt | 2024-08-07 | |
| http://www.securityfocus.com/bid/32189 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/3061 | 2018-10-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | <= 3.6.0a Search vendor "Igniterealtime" for product "Openfire" and version " <= 3.6.0a" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 2.6.0 Search vendor "Igniterealtime" for product "Openfire" and version "2.6.0" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 2.6.1 Search vendor "Igniterealtime" for product "Openfire" and version "2.6.1" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 2.6.2 Search vendor "Igniterealtime" for product "Openfire" and version "2.6.2" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 3.0.0 Search vendor "Igniterealtime" for product "Openfire" and version "3.0.0" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 3.0.1 Search vendor "Igniterealtime" for product "Openfire" and version "3.0.1" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 3.1.0 Search vendor "Igniterealtime" for product "Openfire" and version "3.1.0" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 3.1.1 Search vendor "Igniterealtime" for product "Openfire" and version "3.1.1" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 3.2.0 Search vendor "Igniterealtime" for product "Openfire" and version "3.2.0" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 3.2.1 Search vendor "Igniterealtime" for product "Openfire" and version "3.2.1" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 3.2.2 Search vendor "Igniterealtime" for product "Openfire" and version "3.2.2" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 3.2.3 Search vendor "Igniterealtime" for product "Openfire" and version "3.2.3" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 3.2.4 Search vendor "Igniterealtime" for product "Openfire" and version "3.2.4" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 3.3.0 Search vendor "Igniterealtime" for product "Openfire" and version "3.3.0" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 3.3.2 Search vendor "Igniterealtime" for product "Openfire" and version "3.3.2" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 3.3.3 Search vendor "Igniterealtime" for product "Openfire" and version "3.3.3" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 3.4.0 Search vendor "Igniterealtime" for product "Openfire" and version "3.4.0" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 3.4.1 Search vendor "Igniterealtime" for product "Openfire" and version "3.4.1" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 3.4.3 Search vendor "Igniterealtime" for product "Openfire" and version "3.4.3" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 3.4.4 Search vendor "Igniterealtime" for product "Openfire" and version "3.4.4" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 3.4.5 Search vendor "Igniterealtime" for product "Openfire" and version "3.4.5" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 3.5.0 Search vendor "Igniterealtime" for product "Openfire" and version "3.5.0" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 3.5.1 Search vendor "Igniterealtime" for product "Openfire" and version "3.5.1" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 3.5.2 Search vendor "Igniterealtime" for product "Openfire" and version "3.5.2" | - |
Affected
| ||||||
| Igniterealtime Search vendor "Igniterealtime" | Openfire Search vendor "Igniterealtime" for product "Openfire" | 3.6.0 Search vendor "Igniterealtime" for product "Openfire" and version "3.6.0" | - |
Affected
| ||||||