✅ Check your installed version
All known vulnerabilities
CRITICAL9.8CVE-2019-18394Ignite Realtime Openfire vulnerable to Server Side Request Forgery from 0, < 4.5.0-beta
MEDIUM6.1CVE-2019-20527Ignite Realtime Openfire allows Cross-site Scripting from 0, < 4.4.2
MEDIUM6.1CVE-2019-20526Ignite Realtime Openfire allows Cross-site Scripting from 0, < 4.4.2
MEDIUM6.1CVE-2019-20525Ignite Realtime Openfire allows Cross-site Scripting from 0, < 4.4.2
MEDIUM6.1CVE-2018-11688Ignite Realtime Openfire vulnerable to cross-site scripting from 0, < 3.9.2
MEDIUM5.3CVE-2019-18393Ignite Realtime Openfire directory traversal vulnerability from 0, < 4.5.0-beta
MEDIUM4.8CVE-2017-15911Ignite Realtime Openfire Server has Cross-site Scripting vulnerability in admin console from 0, < 4.1.7
from 0, < 4.5.0
—CVE-2014-2741Ignite Realtime Openfire vulnerable to XMPPbomb attack from 0, < 3.9.2
—CVE-2009-1595Ignite Realtime Openfire Allows Users to Change Passwords of Arbitrary Accounts from 0, < 3.6.4
—CVE-2008-1728Ignite Realtime Openfire allows remote authenticated users to cause a denial of service from 0, < 3.5.0