
CVE-2019-20525:
Ignite Realtime Openfire allows Cross-site Scripting

CVSS Score (v3.1): 6.1

Basic Information

EPSS Score: 0.63687%
Published: 5/24/2022
Updated: 2/2/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name: org.igniterealtime.openfire:parent
Ecosystem: maven
Vulnerable Versions: < 4.4.2
First Patched Version: 4.4.2

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from unescaped rendering of HTTP parameters in setup-datasource-standard.jsp. The patch adds JSTL escaping (fn:escapeXml) to all user-controlled input fields. In JSP architecture, the _jspService method of the compiled servlet handles parameter rendering. The vulnerable version used scriptlets (<%= ... %>) without escaping, while the patched version uses safe output encoding. This function would appear in runtime traces during parameter processing and response generation.
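
The before/after pattern described above, as an added illustration (it is not Openfire's source and not the actual patch): a minimal JSP that echoes a request parameter into a form field, first with an unescaped scriptlet expression and then with fn:escapeXml. The field layout and the `_unsafe` field name are assumptions made for the sketch, and JSTL 1.2 is assumed to be on the classpath.

```jsp
<%@ page contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
<%@ taglib prefix="c"  uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%-- Illustrative page only; names and layout are hypothetical. --%>
<%
    // Read the user-controlled value once; treat a missing parameter as empty.
    String driver = request.getParameter("driver");
    if (driver == null) {
        driver = "";
    }
%>
<html>
<body>
<form method="post">

  <%-- BEFORE (vulnerable pattern): the scriptlet expression is written into
       the response verbatim by _jspService. A value containing a double
       quote ends the value="..." attribute, and everything after it is
       parsed by the browser as markup. --%>
  <input type="text" name="driver_unsafe" value="<%= driver %>">

  <%-- AFTER (patched pattern): fn:escapeXml rewrites the five characters
       that are significant in HTML before the value reaches the response:
         <  becomes  &lt;      >  becomes  &gt;      &  becomes  &amp;
         '  becomes  &#039;    "  becomes  &#034;
       The value stays inside the attribute and is rendered as text.
       A null parameter is rendered as an empty string. --%>
  <input type="text" name="driver" value="${fn:escapeXml(param.driver)}">

  <%-- Equivalent for element content: c:out escapes XML by default
       (escapeXml="true"). --%>
  <p>Current driver: <c:out value="${param.driver}"/></p>

</form>
</body>
</html>
```

A quick audit for the same pattern elsewhere is to search JSP sources for `<%=` expressions and bare `${param.` references and confirm each one is either wrapped in fn:escapeXml or c:out, or never carries request data.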

WAF Protection Rules

WAF Rule

Ignite Realtime Openfire *.*.* allows XSS via the setup/setup-datasource-standard.jsp driver parameter. This issue was fixed in version *.*.*.
