Cross-Site Scripting Vulnerability in Cisco Webex
CVE-2025-20246

6.1MEDIUM

Key Information:

Vendor

Cisco
Status
Cisco Webex Meetings
Vendor
CVE Published:
21 May 2025

Badges

đź‘ľ Exploit Exists

What is CVE-2025-20246?

A vulnerability in Cisco Webex arises from improper filtering of user-supplied input, enabling an unauthenticated, remote attacker to potentially execute a cross-site scripting (XSS) attack. By persuading a user to click on a malicious link, an attacker could successfully perform unauthorized actions within the context of the user’s session. This highlights the importance of implementing robust input validation measures to safeguard against such exploits.

Affected Version(s)

Cisco Webex Meetings

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • đź‘ľ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-20246 : Cross-Site Scripting Vulnerability in Cisco Webex