MUC topic permits javascript payloads

Description

Kindly reported to Openfire Security Email List by Sven Tantau

Another vector would be the topic of group chats. Same again.. if an admin looks at the group chat list, the payload would be executed.

Environment

None

Activity

Show:
Tom Evans
April 17, 2014, 5:03 PM

Merged into master from pull request #1.

Fixed
Your pinned fields
Click on the next to a field label to start pinning.

Assignee

Guus der Kinderen

Reporter

Daryl Herzmann