Maven package
org.apache.openmeetings/openmeetings-parent
pkg:maven/org.apache.openmeetings/openmeetings-parent
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-7664 | Cri | 10.0 | | >= 3.1.0, < 3.3.0 | 3.3.0 | Jul 17, 2017 | Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. |
| CVE-2017-7663 | Med | 6.1 | | >= 3.2.0, < 3.3.0 | 3.3.0 | Jul 17, 2017 | Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0. |
| CVE-2016-3089 | Med | 6.1 | | < 3.1.2 | 3.1.2 | Aug 19, 2016 | Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter. |
| CVE-2016-2164 | Hig | 7.5 | | < 3.1.1 | 3.1.1 | Apr 11, 2016 | The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attemptin |
| CVE-2016-2163 | Med | 6.1 | | < 3.1.1 | 3.1.1 | Apr 11, 2016 | Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event. |
Page 2 of 2