Apache Openmeetings
17 CVEs affecting Apache Openmeetings. Latest disclosed: 2017-10-12. Critical: 3, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-7664 | Critical | 10.0 | 2017-07-17 | Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. |
| CVE-2016-8736 | Critical | 9.8 | 2017-10-12 | Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack. |
| CVE-2017-7673 | Critical | 9.8 | 2017-07-17 | Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing br… |
| CVE-2017-7681 | High | 8.8 | 2017-07-17 | Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure… |
| CVE-2017-7666 | High | 8.8 | 2017-07-17 | Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. |
| CVE-2017-7682 | High | 8.2 | 2017-07-17 | Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas. |
| CVE-2017-7688 | High | 7.5 | 2017-07-17 | Apache OpenMeetings 1.0.0 updates user password in insecure manner. |
| CVE-2017-7684 | High | 7.5 | 2017-07-17 | Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the se… |
| CVE-2017-7683 | High | 7.5 | 2017-07-17 | Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure. |
| CVE-2017-7680 | High | 7.5 | 2017-07-17 | Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains. |
| CVE-2016-2164 | High | 7.5 | 2016-04-11 | The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL… |
| CVE-2016-0783 | High | 7.5 | 2016-04-11 | The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to rese… |
| CVE-2016-0784 | Medium | 6.5 | 2016-04-11 | Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrat… |
| CVE-2017-7663 | Medium | 6.1 | 2017-07-17 | Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0. |
| CVE-2016-3089 | Medium | 6.1 | 2016-08-19 | Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML vi… |
| CVE-2016-2163 | Medium | 6.1 | 2016-04-11 | Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event descr… |
| CVE-2017-7685 | Medium | 5.3 | 2017-07-17 | Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH. |