Browse all 3 CVE security advisories affecting igniterealtime. AI-powered Chinese analysis, POCs, and references for each vulnerability.
IgniteRealTime is an open-source instant messaging and collaboration platform primarily used for organizational communication. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation flaws and improper access controls. The platform's security posture has been impacted by multiple CVEs, with some instances allowing unauthorized access or system compromise. While no major public security incidents have been widely documented, the persistent discovery of vulnerabilities highlights the need for regular updates and security hardening. Its Java-based architecture and plugin system introduce additional attack surfaces that require careful configuration and monitoring to maintain secure operations.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2020-36956 | Openfire 4.6.0 - 'path' Stored XSS — OpenfireCWE-79 | 6.4 | Medium | 2026-01-26 |
| CVE-2025-59154 | Openfire allows potential identity spoofing via unsafe CN parsing — OpenfireCWE-290 | 5.9 | Medium | 2025-09-15 |
| CVE-2023-32315 | Openfire administration console authentication bypass — OpenfireCWE-22 | 8.6 | High | 2023-05-26 |
This page lists every published CVE security advisory associated with igniterealtime. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.