ejabberd
by Ejabberd
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-8760 | | | 0.00 | — | 0.01 | | Oct 25, 2014 | ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption. |
| CVE-2010-0305 | | | 0.00 | — | 0.03 | | Feb 3, 2010 | ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload. |
| CVE-2009-0934 | | | 0.00 | — | 0.02 | | Mar 18, 2009 | Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs. |