PT-2017-17879 · Apache · Apache Openmeetings

Published

2017-07-14

Updated

2022-05-13

CVE-2017-7680

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Apache OpenMeetings version 1.0.0

Description The issue is related to an overly permissive crossdomain.xml file, which allows flash content to be loaded from untrusted domains.

Recommendations For Apache OpenMeetings version 1.0.0, consider restricting access to the crossdomain.xml file to prevent loading of flash content from untrusted domains until a more restrictive configuration or update is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2017-7680

GHSA-Q52R-G8JF-WV3X

Affected Products

Apache Openmeetings

PT-2017-17879 · Apache · Apache Openmeetings

CVE-2017-7680

Related Identifiers

Affected Products

References · 5