Medium severity6.4NVD Advisory· Published Jan 26, 2026· Updated Apr 15, 2026
CVE-2020-36956
CVE-2020-36956
Description
Openfire 4.6.0 contains a stored cross-site scripting vulnerability in the nodejs plugin that allows attackers to inject malicious scripts through the 'path' parameter. Attackers can craft a payload with script tags to execute arbitrary JavaScript in the context of administrative users viewing the nodejs configuration page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: = 4.6.0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.