Stored Cross-Site Scripting Vulnerability in Cisco Webex Meetings
CVE-2023-20133

5.4MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Webex Meetings
Vendor: CVE Published:; 7 July 2023

Badges

👾 Exploit Exists

Summary

A security flaw in the web interface of Cisco Webex Meetings allows authenticated, remote attackers to execute stored cross-site scripting (XSS) attacks. This vulnerability arises from inadequate validation of user-supplied data within Webex Events (classic) applications, email templates, and survey questions. An attacker can exploit this by convincing a user to click on a crafted link, enabling the execution of malicious scripts within the browser context of the target user. This exploitation may lead to unauthorized access to sensitive information stored in the browser.

Affected Version(s)

Cisco Webex Meetings 39.10

Cisco Webex Meetings 39.11

Cisco Webex Meetings 39.6

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

👾
Exploit known to exist
Oct 23, 2024
Vulnerability published
Jul 7, 2023
Vulnerability Reserved
Oct 27, 2022