Vulnerabilities > Apache > Openmeetings > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-05-12 CVE-2023-28936 Unspecified vulnerability in Apache Openmeetings
Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
network
low complexity
apache
5.3
2018-02-28 CVE-2018-1286 Improper Authentication vulnerability in Apache Openmeetings
In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.
network
low complexity
apache CWE-287
6.5
2017-07-17 CVE-2017-7685 Unspecified vulnerability in Apache Openmeetings
Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH.
network
low complexity
apache
5.3
2017-07-17 CVE-2017-7663 Cross-site Scripting vulnerability in Apache Openmeetings 3.2.0/3.2.1
Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0.
network
low complexity
apache CWE-79
6.1
2016-08-19 CVE-2016-3089 Cross-site Scripting vulnerability in Apache Openmeetings
Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter.
network
low complexity
apache CWE-79
6.1
2016-04-11 CVE-2016-2163 Cross-site Scripting vulnerability in Apache Openmeetings
Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event.
network
low complexity
apache CWE-79
6.1
2016-04-11 CVE-2016-0784 Path Traversal vulnerability in Apache Openmeetings
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a ..
network
low complexity
apache CWE-22
6.5