mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-12 13:31:34 +02:00
marc
783 B
783 B
CVE-2020-24601
Description
In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page
POC
Reference
- https://cybersecurityworks.com/zerodays/cve-2020-24601-ignite-realtime-openfire.html
- https://issues.igniterealtime.org/browse/OF-1963