VYPR
Get started
← All advisories
High severity7.5NVD Advisory· Published Jul 17, 2017· Updated May 13, 2026

CVE-2017-7680

CVE-2017-7680

Description

Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.openmeetings:openmeetings-parentMaven
>= 1.0.0, < 3.3.03.3.0

Affected products

22
  • Apache/Openmeetings21 versions
    cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*+ 20 more
    • cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*
  • Apache Software Foundation/Apache OpenMeetingsv5
    Range: 1.0.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.