CVE-2023-20134 — Improper Input Validation in Cisco Webex Meetings

CWE-20 — Improper Input Validation CWE-434 — Unrestricted File Upload CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.5MEDIUMNVD

CNA5.4

EPSS

0.2%

top 62.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Webex Meetings

Timeline

PublishedApr 5

Description

Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶CVEListV5cisco/cisco_webex_meetingsn/a

🔴Vulnerability Details

CVEList

Cisco Webex Meetings Web UI Vulnerabilities↗2023-04-05

▶

GHSA

GHSA-79hf-2h3j-xg27: Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scr↗2023-04-05

▶

📋Vendor Advisories

Cisco

Cisco Webex Meetings Web UI Vulnerabilities↗2023-04-05

▶