Total
24 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-2163 | 1 Apache | 1 Openmeetings | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event. | |||||
CVE-2016-0784 | 1 Apache | 1 Openmeetings | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry. | |||||
CVE-2016-3089 | 1 Apache | 1 Openmeetings | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter. | |||||
CVE-2016-0783 | 1 Apache | 1 Openmeetings | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time. |