Release DateMar 05, 2009 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can inject commands. |
DescriptionThis indicates an attack attempt against an XSS-vulnerability in Openfire software.The vulnerability is caused by an error when the vulnerable software handles user-properties.jsp. It allows a remote attacker to perform command injection via sending a crafted web page. |
Affected ProductsOpenfire 3.6.2 |
Recommended ActionsUpdate to latest version Openfire 3.6.3 |
Coverage IPS
VCM |
Reference/shttp://www.securityfocus.com/bid/32938 (BugTraq) |
