{"url":"http://public2.vulnerablecode.io/api/packages/52623?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2","type":"maven","namespace":"org.apache.openmeetings","name":"openmeetings-parent","version":"3.1.2","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.3.0","latest_non_vulnerable_version":"7.1.0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38066?format=json","vulnerability_id":"VCID-13a5-bd9x-g7c1","summary":"Cross-site Scripting\nA Cross-site scripting (XSS) vulnerability in Apache OpenMeetings allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event.","references":[{"reference_url":"http://openmeetings.apache.org/security.html","reference_id":"","reference_type":"","scores":[],"url":"http://openmeetings.apache.org/security.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2163","reference_id":"CVE-2016-2163","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2163"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52623?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2"}],"aliases":["CVE-2016-2163"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-13a5-bd9x-g7c1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38068?format=json","vulnerability_id":"VCID-h2vq-z9kt-5fe2","summary":"Information Exposure\nThe (1) `FileService.importFileByInternalUserId` and (2) `FileService.importFile` SOAP API methods in Apache OpenMeetings improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.","references":[{"reference_url":"http://openmeetings.apache.org/security.html","reference_id":"","reference_type":"","scores":[],"url":"http://openmeetings.apache.org/security.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2164","reference_id":"CVE-2016-2164","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2164"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52623?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2"}],"aliases":["CVE-2016-2164"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h2vq-z9kt-5fe2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38196?format=json","vulnerability_id":"VCID-r6n7-g747-a7cm","summary":"Cross-site Scripting\nCross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings allows remote attackers to inject arbitrary web script or HTML via the `swf` parameter.","references":[{"reference_url":"http://openmeetings.apache.org/security.html","reference_id":"","reference_type":"","scores":[],"url":"http://openmeetings.apache.org/security.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3089","reference_id":"CVE-2016-3089","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3089"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52623?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2"}],"aliases":["CVE-2016-3089"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r6n7-g747-a7cm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43911?format=json","vulnerability_id":"VCID-wzcc-gkzc-u3cp","summary":"Deserialization of Untrusted Data\nApache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.","references":[{"reference_url":"http://openmeetings.markmail.org/thread/tr47byaaopnemvne","reference_id":"","reference_type":"","scores":[],"url":"http://openmeetings.markmail.org/thread/tr47byaaopnemvne"},{"reference_url":"http://www.securityfocus.com/bid/94145","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94145"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8736","reference_id":"CVE-2016-8736","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8736"},{"reference_url":"https://github.com/advisories/GHSA-6cpg-3w7f-j67q","reference_id":"GHSA-6cpg-3w7f-j67q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6cpg-3w7f-j67q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52623?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2"}],"aliases":["CVE-2016-8736","GHSA-6cpg-3w7f-j67q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wzcc-gkzc-u3cp"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.2"}