PT-2017-17872 · Apache · Apache Openmeetings
Published
2017-07-14
·
Updated
2022-05-17
·
CVE-2017-7666
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Apache OpenMeetings versions 1.0.0 through 3.2.x
Description
The issue allows for Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.
Recommendations
For versions 1.0.0 through 3.2.x, update to version 3.3.0 to resolve the issue.
Fix
CSRF
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apache Openmeetings