Stored Cross-Site Scripting Vulnerability in Cisco Webex Meetings
CVE-2023-20133

5.4MEDIUM

Key Information:

Vendor

Cisco
Status
Cisco Webex Meetings
Vendor
CVE Published:
7 July 2023

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2023-20133?

A security flaw in the web interface of Cisco Webex Meetings allows authenticated, remote attackers to execute stored cross-site scripting (XSS) attacks. This vulnerability arises from inadequate validation of user-supplied data within Webex Events (classic) applications, email templates, and survey questions. An attacker can exploit this by convincing a user to click on a crafted link, enabling the execution of malicious scripts within the browser context of the target user. This exploitation may lead to unauthorized access to sensitive information stored in the browser.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cisco Webex Meetings 39.10

Cisco Webex Meetings 39.11

Cisco Webex Meetings 39.6

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.