CVE-2017-7666

CWE-79Cross-site Scripting (XSS)CWE-352Cross-Site Request Forgery (CSRF)4 documents4 sources
Severity
8.8HIGH
EPSS
0.2%
top 62.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache OpenmeetingsApache Openmeetings
Timeline
PublishedJul 17
Latest updateMay 17

Description

Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDapache/openmeetings21 versions+20

🔴Vulnerability Details

3
GHSA
Apache OpenMeetings vulnerable to Cross-Site Request Forgery2022-05-17
OSV
Apache OpenMeetings vulnerable to Cross-Site Request Forgery2022-05-17
CVEList
CVE-2017-7666: Apache OpenMeetings 12017-07-14
CVE-2017-7666 (HIGH CVSS 8.8) | Apache OpenMeetings 1.0.0 is vulner | cvebase.io