CVE-2022-20852 — UI Misrepresentation / Clickjacking in Cisco Webex Meetings

CWE-1021 — UI Misrepresentation / Clickjacking CWE-20 — Improper Input Validation CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.5MEDIUMNVD

CNA5.4

EPSS

0.2%

top 64.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Webex Meetings

Timeline

PublishedAug 10

Latest updateAug 11

Description

Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶CVEListV5cisco/cisco_webex_meetingsn/a

🔴Vulnerability Details

GHSA

GHSA-v6mw-975h-x9gw: Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or↗2022-08-11

▶

CVEList

Cisco Webex Meetings Web Interface Vulnerabilities↗2022-08-10

▶

📋Vendor Advisories

Cisco

Cisco Webex Meetings Web Interface Vulnerabilities↗2022-08-03

▶