Vulnerabilities > Apache > Openmeetings > 3.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-17 | CVE-2017-7680 | Unspecified vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. | 5.0 |
| 2017-07-17 | CVE-2017-7673 | Improper Restriction of Excessive Authentication Attempts vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection. | 5.0 |
| 2017-07-17 | CVE-2017-7666 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. | 6.8 |
| 2017-07-17 | CVE-2017-7664 | XXE vulnerability in Apache Openmeetings Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. | 7.5 |
| 2016-08-19 | CVE-2016-3089 | Cross-site Scripting vulnerability in Apache Openmeetings Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter. | 4.3 |
| 2016-04-11 | CVE-2016-2164 | Information Exposure vulnerability in Apache Openmeetings The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file. | 5.0 |
| 2016-04-11 | CVE-2016-2163 | Cross-site Scripting vulnerability in Apache Openmeetings Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event. | 4.3 |
| 2016-04-11 | CVE-2016-0784 | Path Traversal vulnerability in Apache Openmeetings Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. | 4.0 |
| 2016-04-11 | CVE-2016-0783 | Information Exposure vulnerability in Apache Openmeetings The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time. | 5.0 |