CVE-2005-4876

Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other versions before 2.3.0 Beta 2, allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-4877.

Published: Dec 31, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-4876
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
ignite_realtime / openfire	2.2.2	2.2.2.x

http://www.igniterealtime.org/issues/browse/JM-430
https://exchange.xforce.ibmcloud.com/vulnerabilities/44689

Vulnerability Database

CVE-2005-4876