| Max CVSS | 5.0 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-15719 | 4.3 |
In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor.
|
12-06-2019 - 14:37 | 12-03-2018 - 13:29 | |
| CVE-2016-3089 | 4.3 |
Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter.
|
09-10-2018 - 19:59 | 19-08-2016 - 21:59 | |
| CVE-2016-2163 | 4.3 |
Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event.
|
09-10-2018 - 19:59 | 11-04-2016 - 14:59 | |
| CVE-2016-2164 | 5.0 |
The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to rea
|
09-10-2018 - 19:59 | 11-04-2016 - 14:59 | |
| CVE-2016-0784 | 4.0 |
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.
|
09-10-2018 - 19:58 | 11-04-2016 - 14:59 | |
| CVE-2016-0783 | 5.0 |
The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system ti
|
09-10-2018 - 19:58 | 11-04-2016 - 14:59 |