This host is running OpenFire and is prone to multiple vulnerabilities.

Attacker may leverage this issue by executing arbitrary script code or injecting HTML or JavaScript code in the context of the affected system and can cause directory traversal or XSS attack. Impact Level: System

Upgrade to OpenFire version 3.6.3 http://www.igniterealtime.org/downloads/index.jsp

Application fails to sanitise the user inputs in, - log parameter to logviewer.jsp and log.jsp files, - search parameter to group-summary.jsp file, - username parameter to user-properties.jsp file, - logDir, maxTotalSize, maxFileSize, maxDays, and logTimeout parameters to audit-policy.jsp file, - propName parameter to server-properties.jsp file, and - roomconfig_roomname and roomconfig_roomdesc parameters to muc-room-edit-form.jsp file.

Ignite Realtime Openfire version prior to 3.6.3 on all platforms

• http://secunia.com/advisories/33452
• http://www.securityfocus.com/archive/1/archive/1/499880/100/0/threaded

---

Updated on 2017-03-28