CVE-2020-24602
 
- Public Exploits: 1
- Exploited in Wild: -
Descriptions
Ignite Realtime Openfire 4.5.1 has a reflected cross-site scripting vulnerability that allows an attacker to execute an arbitrary malicious URL via the vulnerable GET parameters "searchName", "searchValue", "searchDescription", "searchDefaultValue", "searchPlugin", "searchDescription" and "searchDynamic" in the Server Properties and Security Audit Viewer JSP page.
Timeline
- 2020-08-24 CVE Reserved
- 2020-09-02 CVE Published
- 2023-05-19 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (2)
URL | Date |
---|---|
https://cybersecurityworks.com/zerodays/cve-2020-24602-ignite-realtime-openfire.html | 2024-08-04 |
https://issues.igniterealtime.org/browse/OF-1963 | 2020-11-10 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Igniterealtime | Openfire | 4.5.1 | - | Affected |