VYPR

ejabberd

by Ejabberd

CVEs (3)

  • CVE-2014-8760Oct 25, 2014
    risk 0.00cvss epss 0.01

    ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption.

  • CVE-2010-0305Feb 3, 2010
    risk 0.00cvss epss 0.03

    ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload.

  • CVE-2009-0934Mar 18, 2009
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs.