{ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0496", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) log parameter to (a) logviewer.jsp and (b) log.jsp; (2) search parameter to (c) group-summary.jsp; (3) username parameter to (d) user-properties.jsp; (4) logDir, (5) maxTotalSize, (6) maxFileSize, (7) maxDays, and (8) logTimeout parameters to (e) audit-policy.jsp; (9) propName parameter to (f) server-properties.jsp; and the (10) roomconfig_roomname and (11) roomconfig_roomdesc parameters to (g) muc-room-edit-form.jsp. NOTE: this can be leveraged for arbitrary code execution by using XSS to upload a malicious plugin." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.gentoo.org/show_bug.cgi?id=254309", "refsource": "CONFIRM", "url": "https://bugs.gentoo.org/show_bug.cgi?id=254309" }, { "name": "32943", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32943" }, { "name": "openfire-serverproperties-xss(47835)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47835" }, { "name": "32940", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32940" }, { "name": "32944", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32944" }, { "name": "http://www.igniterealtime.org/issues/browse/JM-1506", "refsource": "CONFIRM", "url": "http://www.igniterealtime.org/issues/browse/JM-1506" }, { "name": "33452", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33452" }, { "name": "32935", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32935" }, { "name": "openfire-mucroomeditform-xss(47845)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47845" }, { "name": "openfire-multiple-scripts-xss(47834)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47834" }, { "name": "32939", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32939" }, { "name": "32938", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32938" }, { "name": "32937", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32937" }, { "name": "20090108 CORE-2008-1128: Openfire multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/499880/100/0/threaded" }, { "name": "http://www.coresecurity.com/content/openfire-multiple-vulnerabilities", "refsource": "MISC", "url": "http://www.coresecurity.com/content/openfire-multiple-vulnerabilities" } ] } }