Unrated severityNVD Advisory· Published Sep 16, 2015· Updated Jun 17, 2026
CVE-2015-6973
CVE-2015-6973
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafted request to user-create.jsp, (3) edit server settings or (4) disable SSL on the server via a crafted request to server-props.jsp, or (5) add clients via a crafted request to plugins/clientcontrol/permitted-clients.jsp.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3= 3.10.2+ 2 more
- (no CPE)range: = 3.10.2
- cpe:2.3:a:igniterealtime:openfire:3.10.2:*:*:*:*:*:*:*
- (no CPE)range: =3.10.2
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.