CVE-2020-26067Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Cisco Webex Teams

CWE-80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)4 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
21.1%
top 4.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Webex Teams
Timeline
PublishedNov 18

Description

A vulnerability in the web-based interface of Cisco Webex Teams could allow an authenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of usernames. An attacker could exploit this vulnerability by creating an account that contains malicious HTML or script content and joining a space using the malicious account name. A successful exploit could allow the attacker to conduct cross-site scripting attacks and potentially gain access to s

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-xhwg-j3rh-2ffw: A vulnerability in the web-based interface of Cisco Webex Teams could allow an authenticated, remote attacker to conduct cross-site scripting attacks2024-11-18
CVEList
Cisco Webex Teams Web Interface Cross-Site Scripting Vulnerability2024-11-18

📋Vendor Advisories

1
Cisco
Cisco Webex Teams Web Interface Cross-Site Scripting Vulnerability2020-11-04
CVE-2020-26067 — Cisco Webex Teams vulnerability | cvebase