Vulnerabilities (CVE)

Filtered by vendor Apache Subscribe
Filtered by product Openmeetings
Total 24 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-2163 1 Apache 1 Openmeetings 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event.
CVE-2016-0784 1 Apache 1 Openmeetings 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.
CVE-2016-3089 1 Apache 1 Openmeetings 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter.
CVE-2016-0783 1 Apache 1 Openmeetings 2024-02-28 5.0 MEDIUM 7.5 HIGH
The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time.