Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-7666

Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.

Published

2017-07-17T13:18:29.737

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-79
    CWE-352
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application apache openmeetings 1.0.0 Yes
Application apache openmeetings 2.0 Yes
Application apache openmeetings 2.1 Yes
Application apache openmeetings 2.1.1 Yes
Application apache openmeetings 2.2.0 Yes
Application apache openmeetings 3.0.0 Yes
Application apache openmeetings 3.0.1 Yes
Application apache openmeetings 3.0.2 Yes
Application apache openmeetings 3.0.3 Yes
Application apache openmeetings 3.0.4 Yes
Application apache openmeetings 3.0.5 Yes
Application apache openmeetings 3.0.6 Yes
Application apache openmeetings 3.0.7 Yes
Application apache openmeetings 3.1.0 Yes
Application apache openmeetings 3.1.1 Yes
Application apache openmeetings 3.1.2 Yes
Application apache openmeetings 3.1.3 Yes
Application apache openmeetings 3.1.4 Yes
Application apache openmeetings 3.1.5 Yes
Application apache openmeetings 3.2.0 Yes
Application apache openmeetings 3.2.1 Yes
References