Vulnerabilities > Apache > Openmeetings > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-12 | CVE-2023-28936 | Incorrect Comparison vulnerability in Apache Openmeetings Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0 | 5.3 |
| 2018-02-28 | CVE-2018-1286 | Improper Authentication vulnerability in Apache Openmeetings In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users. | 6.5 |
| 2017-07-17 | CVE-2017-7685 | Unspecified vulnerability in Apache Openmeetings Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH. | 5.3 |
| 2017-07-17 | CVE-2017-7663 | Cross-site Scripting vulnerability in Apache Openmeetings 3.2.0/3.2.1 Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0. | 6.1 |
| 2016-08-19 | CVE-2016-3089 | Cross-site Scripting vulnerability in Apache Openmeetings Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter. | 6.1 |
| 2016-04-11 | CVE-2016-2163 | Cross-site Scripting vulnerability in Apache Openmeetings Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event. | 6.1 |
| 2016-04-11 | CVE-2016-0784 | Path Traversal vulnerability in Apache Openmeetings Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. | 6.5 |