Openmeetings@* Security Vulnerabilities and Issues — Openmeetings@* CVE List

Lucene search

ApacheOpenmeetings*

5 matches found

CVE•added 2016/04/11 2:59 p.m.•54 views

CVE-2016-2164

The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.

7.5CVSS7.4AI score0.01232EPSS

CVE•added 2016/04/11 2:59 p.m.•44 views

CVE-2016-2163

Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event.

6.1CVSS6.1AI score0.02728EPSS

CVE•added 2016/04/11 2:59 p.m.•39 views

CVE-2016-0783

The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time.

7.5CVSS7.6AI score0.01465EPSS

CVE•added 2016/08/19 9:59 p.m.•37 views

CVE-2016-3089

Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter.

6.1CVSS6.1AI score0.0087EPSS

CVE•added 2016/04/11 2:59 p.m.•36 views

CVE-2016-0784

Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.

6.5CVSS6.3AI score0.06065EPSS