CSRF in Igniterealtime Openfire
CVE-2015-6973
Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-passw…
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.161 (94.9th percentile) — read the EPSS interpretation.
Affected products
- Igniterealtime Openfire — versions 3.10.2
- N/a — versions n/a
Weakness classification (CWE)
References
- 20150915 Openfire 3.10.2 CSRF Vulnerabilities (mailing-list, x_refsource_BUGTRAQ)
- GLSA-201612-50 (vendor-advisory, x_refsource_GENTOO)
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (x_refsource_MISC)
- 38192 (Exploit, exploit, x_refsource_EXPLOIT-DB)