CVE-2017-7673 — CVSS 9.8 (critical): Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and…
CVE-2024-54676 — CVSS 9.8 (critical): Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering…
CVE-2023-28326 — CVSS 9.8 (critical): Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate…
CVE-2016-8736 — CVSS 9.8 (critical): Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.
CVE-2017-7666 — CVSS 8.8 (high): Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.
CVE-2017-7681 — CVSS 8.8 (high): Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and…
CVE-2017-7682 — CVSS 8.2 (high): Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas.
CVE-2023-29032 — CVSS 8.1 (high): An attacker that has gained access to certain private information can use this to act as other user. Vendor: The Apache Software Foundation…
CVE-2026-34020 — CVSS 7.5 (high): Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method…
CVE-2016-2164 — CVSS 7.5 (high): The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1…
CVE-2017-7680 — CVSS 7.5 (high): Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains.
CVE-2017-7683 — CVSS 7.5 (high): Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure.
CVE-2017-7684 — CVSS 7.5 (high): Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple…
CVE-2020-13951 — CVSS 7.5 (high): Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack.
CVE-2021-27576 — CVSS 7.5 (high): If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server. This issue was addressed…
CVE-2026-33266 — CVSS 7.5 (high): Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in…
CVE-2016-0783 — CVSS 7.5 (high): The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for…
CVE-2023-29246 — CVSS 7.2 (high): An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation…
CVE-2016-0784 — CVSS 6.5 (medium): Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote…
CVE-2018-1286 — CVSS 6.5 (medium): In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to…
CVE-2016-2163 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML…
CVE-2016-3089 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary…
CVE-2017-7685 — CVSS 5.3 (medium): Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH.
CVE-2023-28936 — CVSS 5.3 (medium): Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0…
CVE-2026-33005 — CVSS 4.3 (medium): Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their…