Cisco Webex Meetings Vulnerability Allows Cross-Site Scripting Attacks
CVE-2022-20654

6.1MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Webex Meetings
Vendor: CVE Published:; 15 November 2024

What is CVE-2022-20654?

A cross-site scripting vulnerability exists in the web-based interface of Cisco Webex Meetings, enabling an unauthenticated, remote attacker to perform malicious actions. This issue arises from the insufficient validation of user-supplied input, which can be exploited when an unsuspecting user clicks on a specially crafted link. If successfully exploited, an attacker could execute arbitrary script code within the affected interface, potentially accessing sensitive browser-based information. Cisco has released software updates to mitigate this vulnerability, and no workarounds are currently available.

Affected Version(s)

Cisco Webex Meetings 39.7.7

Cisco Webex Meetings 39.9

Cisco Webex Meetings 40.4.10

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2024
Vulnerability Reserved
Nov 2, 2021