Cisco Webex Business Suite Content Injection Vulnerability
CVE-2019-1680

4.3MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Webex Business Suite
Vendor: CVE Published:; 7 February 2019

Badges

👾 Exploit Exists

Summary

A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious URL. A successful exploit could allow the attacker to inject arbitrary text into the user's browser. The attacker could use the content injection to conduct spoofing attacks. Versions prior than 3.0.9 are affected.

Affected Version(s)

Cisco Webex Business Suite < 3.0.9

References

http://www.securityfocus.com/bid/106939

vdb-entryx_refsource_BID

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
Feb 7, 2019
Vulnerability Reserved
Dec 6, 2018