CVE-2019-20528 (openfire)by Jeremyin Security Bulletinson Posted on March 23, 2020 Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter.