CVE-2019-20526 (openfire)by Jeremyin Security Bulletinson Posted on March 23, 2020 Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter.