Cross-Site Scripting Vulnerability in Cisco WebEx Meetings Server
CVE-2017-12257

6.1MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Webex Meetings Server
Vendor: CVE Published:; 5 October 2017

Summary

A vulnerability in the web framework of Cisco WebEx Meetings Server can enable remote attackers to perform cross-site scripting (XSS) attacks. This flaw arises from inadequate input validation of certain parameters processed by the web server. By persuading users to click on malicious links or by intercepting their requests, attackers can inject malicious scripts. A successful attack could allow attackers to run arbitrary scripts within the context of the user's web interface, potentially accessing sensitive information stored in the browser.

Affected Version(s)

Cisco WebEx Meetings Server Cisco WebEx Meetings Server

References

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101167

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 5, 2017
Vulnerability Reserved
Aug 3, 2017