Cross-Site Scripting Vulnerability in Cisco Webex Meetings
CVE-2026-20233

6.1MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Webex Meetings
Vendor: CVE Published:; 3 June 2026

Badges

👾 Exploit Exists

What is CVE-2026-20233?

A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed unauthenticated remote attackers to carry out cross-site scripting (XSS) attacks. This issue stemmed from inadequate validation of user input. By luring users to click on a malicious link, an attacker could exploit this weakness to execute arbitrary script code in the victim's browser or access sensitive information stored in the browser. Cisco has proactively addressed this vulnerability, ensuring that no customer action is required.

Affected Version(s)

Cisco Webex Meetings 39.7.7

Cisco Webex Meetings 39.9

Cisco Webex Meetings 40.4.10

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jun 3, 2026
Vulnerability published
Jun 3, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20233 Data

JSON