Cross-Site Scripting Vulnerability in Cisco Webex Meetings User Profiles
CVE-2025-20328

5.4MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Webex Meetings
Vendor: CVE Published:; 3 September 2025

Badges

👾 Exploit Exists

What is CVE-2025-20328?

A vulnerability in the user profile component of Cisco Webex Meetings has the potential to allow an authenticated, remote attacker with low privileges to perform a cross-site scripting (XSS) attack. This issue arises from inadequate validation of user input within the web-based interface, which could be exploited if a user is lured into clicking a malicious link. A successful attack could compromise user data and privacy. Cisco has patched the vulnerability, ensuring that no action is needed from customers to protect their accounts.

Affected Version(s)

Cisco Webex Meetings

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Sep 3, 2025
Vulnerability published
Sep 3, 2025
Vulnerability Reserved
Oct 10, 2024