CVE-2021-1221

Severity
4.1 MEDIUM
EPSS
0.4%
top 40.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 4
Latest update May 24

Description

A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user interface. A successful exploit could allow the attacker to generate a Webex Meetings invitation email that contains a link to a destination of their

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
Exploitability: 2.3 | Impact: 1.4

Affected Packages: 3 packages

🔴 Vulnerability Details

2
GHSA
GHSA-9qvw-hfpr-cvx6: A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker t 2022-05-24
CVEList
Cisco Webex Meetings and Cisco Webex Meetings Server Software Hyperlink Injection Vulnerability 2021-02-04

💥 Exploits & PoCs

1
Exploit-DB
Microworld eScan Server 9.0.742 - Directory Traversal 2008-03-06

📋 Vendor Advisories

1
Cisco
Cisco Webex Meetings and Cisco Webex Meetings Server Software Hyperlink Injection Vulnerability 2021-02-03