CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
49.1%
A vulnerability in the administration portal page of the Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks.
The vulnerability is due to insufficient validation of user-supplied input submitted to the administration portal page of the affected software. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to visit a malicious website. If successful, the attacker could conduct an XSS attack and execute arbitrary scripts in the user’s browser session or gain access to sensitive information.
Cisco has confirmed the vulnerability and released software updates.
To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the link.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | webex_meetings_server | any | cpe:2.3:a:cisco:webex_meetings_server:any:*:*:*:*:*:*:* |