CVE-2017-7680

EUVD-2022-4889
Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
apacheopenmeetings
1.0.0
apacheopenmeetings
2.0
apacheopenmeetings
2.1
apacheopenmeetings
2.1.1
apacheopenmeetings
2.2.0
apacheopenmeetings
3.0.0
apacheopenmeetings
3.0.1
apacheopenmeetings
3.0.2
apacheopenmeetings
3.0.3
apacheopenmeetings
3.0.4
apacheopenmeetings
3.0.5
apacheopenmeetings
3.0.6
apacheopenmeetings
3.0.7
apacheopenmeetings
3.1.0
apacheopenmeetings
3.1.1
apacheopenmeetings
3.1.2
apacheopenmeetings
3.1.3
apacheopenmeetings
3.1.4
apacheopenmeetings
3.1.5
apacheopenmeetings
3.2.0
apacheopenmeetings
3.2.1
𝑥
= Vulnerable software versions
References
http://markmail.org/message/whhibri7ervbjvda
http://markmail.org/message/whhibri7ervbjvda