CVE-2020-3345

CWE-20Improper Input Validation4 documents4 sources
Severity
4.3MEDIUM
EPSS
0.5%
top 32.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Webex MeetingsCisco Webex Meetings ServerCisco Cisco Webex Meetings Server
Timeline
PublishedJul 16
Latest updateMay 24

Description

A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

NVDcisco/webex_meetings< 40.6.0

🔴Vulnerability Details

2
GHSA
GHSA-8qwq-9r56-cp3v: A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify2022-05-24
CVEList
Cisco Webex Meetings and Cisco Webex Meetings Server HTML Injection Vulnerability2020-07-16

📋Vendor Advisories

1
Cisco
Cisco Webex Meetings and Cisco Webex Meetings Server HTML Injection Vulnerability2020-07-15
CVE-2020-3345 (MEDIUM CVSS 4.3) | A vulnerability in certain web page | cvebase.io