CVE-2023-20133Cross-site Scripting in Cisco Webex Meetings

CWE-79Cross-site ScriptingCWE-352Cross-Site Request Forgery4 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
0.1%
top 66.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Webex MeetingsCisco Webex Meetings
Timeline
PublishedJul 7

Description

A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because of insufficient validation of user-supplied input in Webex Events (classic) programs, email templates, and survey questions. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execu

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDcisco/webex_meetings32 versions+31
CVEListV5cisco/cisco_webex_meetings32 versions+31

🔴Vulnerability Details

2
GHSA
GHSA-rcq7-jcwj-8f59: A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (X2023-07-07
CVEList
CVE-2023-20133: A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (X2023-07-07

📋Vendor Advisories

1
Cisco
Cisco Webex Meetings Web UI Vulnerabilities2023-07-05
CVE-2023-20133 — Cross-site Scripting in Cisco | cvebase