Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. The issue is fixed in version 3.3.0.

Affected Packages

Maven org.apache.openmeetings:openmeetings-parent

Affected versions: 1.0.0 (fixed in 3.3.0)

Related CVEs

CVE-2017-7666

Key Information

GHSA ID

GHSA-m5pm-rgvf-vg22

Published

May 17, 2022 2:28 AM

Last Modified

November 22, 2022 6:56 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

org.apache.openmeetings:openmeetings-parent

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 13, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.