XSS vulnerability in Monitoring Service pages in Admin Console
In the admin panel of Openfire, if you go to Archiving to start a search for a conversation, you will have a URL something like this:
The following parameters are vulnerable to Reflected XSS (Cross-Site Scripting):
Cannot reproduce this in 4.1beta. The injected strings are escaped and placed in the relevant fields if you manipulate the URL.