VYPR
Unrated severityNVD Advisory· Published Sep 16, 2015· Updated Jun 17, 2026

CVE-2015-6973

CVE-2015-6973

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafted request to user-create.jsp, (3) edit server settings or (4) disable SSL on the server via a crafted request to server-props.jsp, or (5) add clients via a crafted request to plugins/clientcontrol/permitted-clients.jsp.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Igniterealtime/Openfireinferred3 versions
    = 3.10.2+ 2 more
    • (no CPE)range: = 3.10.2
    • cpe:2.3:a:igniterealtime:openfire:3.10.2:*:*:*:*:*:*:*
    • (no CPE)range: =3.10.2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.