Vulnerability Details CVE-2016-3089
Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://openmeetings.apache.org/security.html
- http://packetstormsecurity.com/files/138313/Apache-OpenMeetings-3.1.0-Cross-Site-Scripting.html
- http://www.securityfocus.com/archive/1/539192/100/0/threaded
- http://www.securityfocus.com/bid/92442
- https://www.apache.org/dist/openmeetings/3.1.2/CHANGELOG
- http://openmeetings.apache.org/security.html
- http://packetstormsecurity.com/files/138313/Apache-OpenMeetings-3.1.0-Cross-Site-Scripting.html
- http://www.securityfocus.com/archive/1/539192/100/0/threaded
- http://www.securityfocus.com/bid/92442
- https://www.apache.org/dist/openmeetings/3.1.2/CHANGELOG
Products affected by CVE-2016-3089
-
cpe:2.3:a:apache:openmeetings:1.0.0
-
cpe:2.3:a:apache:openmeetings:2.0
-
cpe:2.3:a:apache:openmeetings:2.1
-
cpe:2.3:a:apache:openmeetings:2.1.1
-
cpe:2.3:a:apache:openmeetings:2.2.0
-
cpe:2.3:a:apache:openmeetings:3.0.0
-
cpe:2.3:a:apache:openmeetings:3.0.1
-
cpe:2.3:a:apache:openmeetings:3.0.2
-
cpe:2.3:a:apache:openmeetings:3.0.3
-
cpe:2.3:a:apache:openmeetings:3.0.4
-
cpe:2.3:a:apache:openmeetings:3.0.5
-
cpe:2.3:a:apache:openmeetings:3.0.6
-
cpe:2.3:a:apache:openmeetings:3.0.7
-
cpe:2.3:a:apache:openmeetings:3.1.0
-
cpe:2.3:a:apache:openmeetings:3.1.1