CVE-2015-6972
Description
Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName parameter to plugins/clientcontrol/create-bookmark.jsp; the (3) hostname parameter to server-session-details.jsp; or the (4) search parameter to group-summary.jsp.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Multiple cross-site scripting vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via several parameters.
Vulnerability
Ignite Realtime Openfire version 3.10.2 contains multiple cross-site scripting (XSS) vulnerabilities. These include persistent XSS in the groupchatName and urlName parameters of plugins/clientcontrol/create-bookmark.jsp, and reflected XSS in the hostname parameter of server-session-details.jsp and the search parameter of group-summary.jsp [1][2].
Exploitation
For reflected XSS, an attacker can craft a malicious URL containing the payload and trick a victim into clicking it. For persistent XSS, an attacker with the ability to create bookmarks (e.g., a logged-in user) can inject JavaScript into the bookmark name fields; the payload executes whenever another user views the bookmark list [2].
Impact
Successful exploitation allows an attacker to execute arbitrary HTML and JavaScript in the context of the victim's browser. This can lead to session hijacking, data theft, or defacement of the administrative web interface [1][2][3].
Mitigation
The vulnerability is fixed in Openfire version 4.1.0 [3]. Users should upgrade to this or a later version. There is no known workaround for earlier versions [3]. This issue is not listed in CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
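As an added, defender-side illustration (not code from Openfire or from this advisory), the following Python scans constructed reverse-proxy access-log lines for requests to the four page/parameter pairs named in the description whose values contain HTML or script markup. It assumes common-log-format lines with a decoded request target; the log samples are made up for the example.

```python
"""Flag requests to the Openfire pages named in CVE-2015-6972 whose vulnerable
parameters carry HTML or script markup. Added example with constructed logs."""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Vulnerable page -> parameters, taken from the CVE description (path suffix match)
WATCHED = {
    "plugins/clientcontrol/create-bookmark.jsp": {"groupchatName", "urlName"},
    "server-session-details.jsp": {"hostname"},
    "group-summary.jsp": {"search"},
}

# Markup that should never appear in a hostname, bookmark name or search term
MARKUP = re.compile(r"<\s*/?\s*[a-z!]|javascript\s*:|\bon[a-z]+\s*=", re.I)

# Common log format: client ident user [time] "METHOD target proto" status size
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')

def inspect_request(target: str):
    """Return (page, parameter, decoded value) hits for one request target."""
    parts = urlsplit(target)
    hits = []
    for page, params in WATCHED.items():
        if not parts.path.endswith("/" + page):
            continue
        query = parse_qs(parts.query, keep_blank_values=True)
        for name in params:
            for value in query.get(name, []):
                decoded = unquote_plus(value)  # second pass catches double-encoding
                if MARKUP.search(decoded):
                    hits.append((page, name, decoded))
    return hits

def scan_log(lines):
    """Parse log lines and return one alert dict per suspicious parameter value."""
    alerts = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        client, when, target, status = m.groups()
        for page, param, value in inspect_request(target):
            alerts.append({"client": client, "time": when, "page": page,
                           "param": param, "value": value, "status": int(status)})
    return alerts

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '10.0.0.5 - admin [12/Aug/2015:10:01:02 +0000] "GET /server-session-details.jsp?hostname=chat.example.org HTTP/1.1" 200 1234',
    '10.0.0.9 - admin [12/Aug/2015:10:03:17 +0000] "GET /server-session-details.jsp?hostname=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 1301',
    '10.0.0.9 - admin [12/Aug/2015:10:04:40 +0000] "GET /group-summary.jsp?search=%22%3E%3Cimg+src%3Dx+onerror%3Dalert(1)%3E HTTP/1.1" 200 2210',
    '10.0.0.7 - user1 [12/Aug/2015:10:05:01 +0000] "GET /plugins/clientcontrol/create-bookmark.jsp?groupchatName=Dev+Team&urlName=Wiki HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f"{a['time']} {a['client']} {a['page']} {a['param']}={a['value']!r}")
```

A 200 status on a flagged request only shows the value was accepted, not that the script ran; cross-check with the affected version list and upgrade per the Mitigation section.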
Affected products
Range: = 3.10.2
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.