openfire - Arch Linux
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-15 | 4.0.4-1 | 4.1.0-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2015-7707 | AVG-15 | High | Yes | Privilege escalation | Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit- form.jsp. |
| CVE-2015-6973 | AVG-15 | Medium | Yes | Cross-site request forgery | Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of... |
| CVE-2015-6972 | AVG-15 | Medium | Yes | Cross-site scripting | Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 23 Dec 2016 | ASA-201612-21 | AVG-15 | High | multiple issues |