CVE-2006-7233

Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.6.0, and possibly other versions before 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the url parameter.

Published: Dec 31, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-7233
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
ignite_realtime / openfire	-	3.5.2.x
ignite_realtime / openfire	2.6.0	2.6.0.x

http://secunia.com/advisories/31483
http://www.igniterealtime.org/issues/browse/JM-430
http://www.igniterealtime.org/issues/browse/JM-629
http://www.osvdb.org/47448
http://www.securityfocus.com/bid/30696
https://exchange.xforce.ibmcloud.com/vulnerabilities/44459

Vulnerability Database

290,278

CVE-2006-7233