HTTP: Apache OpenMeetings Event Description Cross-Site Scripting
This signature detects attempts to exploit a known cross-site scripting vulnerability against Apache OpenMeetings. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.
Extended Description
Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event.
Affected Products
Apache openmeetings
Short Name
HTTP:XSS:APACHE-OPNMTNG-EVNT
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Apache CVE-2016-2163 Cross-Site Description Event OpenMeetings Scripting bid:20160325
Release Date
03/15/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3474
False Positive
Unknown
Vendors
Apache