CVE-2020-24601

EPSS 0.61% · P70 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-24601

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Ignite Realtime Openfire 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Ignite Realtime Openfire是Ignite Realtime社区的一款采用Java开发且基于XMPP（前称Jabber，即时通讯协议）的跨平台开源实时协作（RTC）服务器，它能够构建高效率的即时通信服务器，并支持上万并发用户数量。 Ignite Realtime Openfire 4.5.1版本中存在跨站脚本漏洞，该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2020-24601

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-24601

请登录查看更多情报信息。

https://issues.igniterealtime.org/browse/OF-1963x_refsource_MISC
https://cybersecurityworks.com/zerodays/cve-2020-24601-ignite-realtime-openfire.htmlx_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2020-24601

Same Patch Batch · n/a · 2020-09-02 · 29 CVEs total

CVE-2020-25026		TYPO3 安全漏洞
CVE-2020-16150		Trusted Firmware Mbed TLS 安全漏洞
CVE-2020-25073		FreedomBox 安全漏洞
CVE-2020-24355		Zyxel VMG5313-B30B 安全漏洞
CVE-2020-16602		Razer Chroma SDK Rest Server 竞争条件问题漏洞
CVE-2020-17458		MultiUx 跨站脚本漏洞
CVE-2020-24602		Ignite Realtime Openfire 跨站脚本漏洞
CVE-2020-24604		Ignite Realtime Openfire 跨站脚本漏洞
CVE-2020-25079		D-Link DCS-2530L和DCS-2670L 安全漏洞
CVE-2020-25078		D-Link DCS-2530L和DCS-2670L 安全漏洞
CVE-2020-23830		SourceCodester Stock Management System 跨站请求伪造漏洞
CVE-2020-24030		ForLogic Qualiex 安全漏洞
CVE-2020-24029		ForLogic Qualiex 授权问题漏洞
CVE-2020-24028		ForLogic Qualiex 安全漏洞
CVE-2020-25044		Kaspersky Virus Removal Tool 安全漏洞
CVE-2020-25025		TYPO3 安全漏洞
CVE-2020-24654		KDE Ark 后置链接漏洞
CVE-2020-24553		Google Golang 跨站脚本漏洞
CVE-2020-12621		Android Teamwire 安全漏洞
CVE-2020-13802		Rebar3 命令注入漏洞

Showing top 20 of 29 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2020-24601

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-24601

I. Basic Information for CVE-2020-24601

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-24601

III. Intelligence Information for CVE-2020-24601

Same Patch Batch · n/a · 2020-09-02 · 29 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2020-24601

Leave a comment