Openfire version 3.10.2 suffers from multiple persistent and reflective cross site scripting vulnerabilities.