Vulnerabilities > Apache > Openmeetings
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-17 | CVE-2017-7684 | Resource Exhaustion vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. | 7.5 |
| 2017-07-17 | CVE-2017-7683 | Information Exposure vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure. | 7.5 |
| 2017-07-17 | CVE-2017-7682 | Unspecified vulnerability in Apache Openmeetings 3.2.0/3.2.1 Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas. | 8.2 |
| 2017-07-17 | CVE-2017-7681 | SQL Injection vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. | 8.8 |
| 2017-07-17 | CVE-2017-7680 | Unspecified vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. | 7.5 |
| 2017-07-17 | CVE-2017-7673 | Improper Restriction of Excessive Authentication Attempts vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection. | 9.8 |
| 2017-07-17 | CVE-2017-7666 | Cross-site Scripting vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. | 8.8 |
| 2017-07-17 | CVE-2017-7664 | XXE vulnerability in Apache Openmeetings Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. | 10.0 |
| 2017-07-17 | CVE-2017-7663 | Cross-site Scripting vulnerability in Apache Openmeetings 3.2.0/3.2.1 Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0. | 6.1 |
| 2016-08-19 | CVE-2016-3089 | Cross-site Scripting vulnerability in Apache Openmeetings Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter. | 6.1 |