CVE-2017-7666

Published: Jul 17, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.

Affected (21)

Products: Apache: Openmeetings

1 product

Configuration A

21 vulnerable

Vulnerable Software	Affected Versions
Apache Openmeetings	Version 1.0.0
Apache Openmeetings	Version 2.0
Apache Openmeetings	Version 2.1.1
Apache Openmeetings	Version 2.1
Apache Openmeetings	Version 2.2.0
Apache Openmeetings	Version 3.0.0
Apache Openmeetings	Version 3.0.1
Apache Openmeetings	Version 3.0.2
Apache Openmeetings	Version 3.0.3
Apache Openmeetings	Version 3.0.4
Apache Openmeetings	Version 3.0.5
Apache Openmeetings	Version 3.0.6
Apache Openmeetings	Version 3.0.7
Apache Openmeetings	Version 3.1.0
Apache Openmeetings	Version 3.1.1
Apache Openmeetings	Version 3.1.2
Apache Openmeetings	Version 3.1.3
Apache Openmeetings	Version 3.1.4
Apache Openmeetings	Version 3.1.5
Apache Openmeetings	Version 3.2.0
Apache Openmeetings	Version 3.2.1

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

http://markmail.org/message/fkesu4e5hhz5xdbg

Source: security@apache.org

Mailing ListThird Party Advisory

http://markmail.org/message/fkesu4e5hhz5xdbg

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.