Insecure Cross-Domain Policy in Apache OpenMeetings
CVE-2017-7680
7.5HIGH
What is CVE-2017-7680?
Apache OpenMeetings 1.0.0 contains an insecure configuration in its crossdomain.xml file, which allows Flash content to be loaded from untrusted domains. This misconfiguration can expose users to various security risks, including data theft or malicious attacks, as it permits unauthorized access to resources hosted on the application.
Affected Version(s)
Apache OpenMeetings 1.0.0