Showing 1 - 1 of 1

CVE-2016-2163

Status Candidate

Overview

Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event.

Related Files

Apache OpenMeetings 3.0.7 Cross Site Scripting: Posted Mar 25, 2016; Authored by Andreas Lindh; When creating an event, it is possible to create clickable URL links in the event description. These links will be present inside the event details once a participant enters the room via the event. It is possible to create a link like "javascript:alert('xss')", which will execute once the link is clicked. As the link is placed within an <a> tag, the actual link is not visible to the end user which makes it hard to tell if the link is legit or not. Apache OpenMeetings versions 1.9.x through 3.0.7 are affected.; tags | advisory, javascript; advisories | CVE-2016-2163; SHA-256 | ae142c09b3506f6a2df2eff1b29727a0f7f4ac41ab39eacb5ce1d1505fe8e1a3; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 291 files
Ubuntu 63 files
LiquidWorm 29 files
indoushka 20 files
Debian 19 files
Apple 10 files
Google Security Research 7 files
Chokri Hammedi 3 files
Jann Horn 3 files
Emiliano Febbi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,154)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,795)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,227)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,962)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2016-2163

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems