Skip to main content

Openmeetings CVE-2017-7666

HIGH
Cross-site Scripting (XSS) (CWE-79)
2017-07-17 security@apache.org
8.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 17, 2017 - 13:18 cve.org
HIGH 8.8

DescriptionCVE.org

Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.

AnalysisAI

Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. Affected products include: Apache Openmeetings.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2016-0784 MEDIUM POC
6.5 Apr 11

Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1

CVE-2020-13951 HIGH POC
7.5 Sep 30

Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack. Ra

CVE-2016-8736 CRITICAL
9.8 Oct 12

Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack. Rated critical s

CVE-2017-7664 CRITICAL
10.0 Jul 17

Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. Rated critical severity (CVSS 10.0), t

CVE-2017-7673 CRITICAL
9.8 Jul 17

Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget pas

CVE-2023-28326 CRITICAL
9.8 Mar 28

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attac

CVE-2017-7681 HIGH
8.8 Jul 17

Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely

CVE-2017-7682 HIGH
8.2 Jul 17

Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted

CVE-2023-29032 HIGH
8.1 May 12

An attacker that has gained access to certain private information can use this to act as other user. Rated high severity

CVE-2017-7684 HIGH
7.5 Jul 17

Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. Rated high severity (CVSS 7.5), this vulnerabi

CVE-2017-7680 HIGH
7.5 Jul 17

Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. Rated high severity (CVSS 7.5), this vulnerabil

CVE-2016-2164 HIGH
7.5 Apr 11

The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings be

Share

CVE-2017-7666 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy