This module exploits a XSS vulnerability in Openfire, which leads to remote command injection impersonating the administrator and uploading a plugin. This module runs a web server waiting for vulnerable clients (any browser) to connect to it. When the client connects, it will use their cookie and try to install an agent by installing a plugin in openfire.
CVE Link
Exploit Type
Product Name