mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-30 04:49:42 +00:00
783 B
783 B
CVE-2020-24601
Description
In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page
POC
Reference
- https://cybersecurityworks.com/zerodays/cve-2020-24601-ignite-realtime-openfire.html
- https://issues.igniterealtime.org/browse/OF-1963