CVE-2015-6972
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2015-6972
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName parameter to plugins/clientcontrol/create-bookmark.jsp; the (3) hostname parameter to server-session-details.jsp; or the (4) search parameter to group-summary.jsp.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ignite Realtime Openfire 多个跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Ignite Realtime Openfire(前称Wildfire)是IgniteRealtime社区的一款采用Java开发且基于XMPP(前称Jabber,即时通讯协议)的跨平台开源实时协作(RTC)服务器,它能够构建高效率的即时通信服务器,并支持上万并发用户数量。 Ignite Realtime Openfire 3.10.2版本中存在多个跨站脚本漏洞,这些漏洞源于plugins/clientcontrol/create-bookmark.jsp脚本没有充分过滤‘groupchatName’参数;
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2015-6972
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2015-6972
Please Login to view more intelligence information
- 🔗 http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txtx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2015-6972
Same Patch Batch · n/a · 2015-09-16 · 18 CVEs total
| CVE-2015-5956 | TYPO3 安全漏洞 | |
| CVE-2015-5426 | HP LoadRunner Controller 安全漏洞 | |
| CVE-2015-6969 | Serendipity 2k11主题跨站脚本漏洞 | |
| CVE-2015-6968 | Serendipity 不完整黑名单漏洞 | |
| CVE-2015-6967 | Nibbleblog 代码注入漏洞 | |
| CVE-2015-6966 | Nibbleblog 跨站请求伪造漏洞 | |
| CVE-2015-6965 | WordPress Contact Form Generator插件跨站请求伪造漏洞 | |
| CVE-2015-6829 | WordPress WP Limit Login Attempts插件SQL注入漏洞 | |
| CVE-2015-6828 | WordPress SecureMoz Security Audit插件输入验证漏洞 | |
| CVE-2015-6973 | Ignite Realtime Openfire 多个跨站请求伪造漏洞 | |
| CVE-2015-5440 | HP UCMDB 信息泄露漏洞 | |
| CVE-2015-2136 | HP ArcSight Logger 信息泄露漏洞 | |
| CVE-2015-6929 | Nokia Solutions and Networks @vantage Commander 多个跨站脚本漏洞 | |
| CVE-2015-5465 | Silicon Integrated Systems WindowsXP Display Manager 安全漏洞 | |
| CVE-2015-3623 | QlikTech Qlikview XML外部实体漏洞 | |
| CVE-2015-1173 | Unit4 Polska TETA Web 安全漏洞 | |
| CVE-2014-8778 | Checkmarx CxSAST 代码注入漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-6667
PgBouncer missing authorization check in KILL_CLIENT admin c - CVE-2026-6666
PgBouncer crash in kill_pool_logins_server_error - CVE-2026-6665
PgBouncer buffer overflow in SCRAM - CVE-2026-6664
PgBouncer integer overflow in PgBouncer network packet parsi - CVE-2026-8127
eladmin Users API Endpoint UserController.java checkLevel ac
V. Comments for CVE-2015-6972
No comments yet