CVE-2025-20328

CWE-79 — Cross-site Scripting (XSS)CWE-78 — OS Command Injection5 documents5 sources

Severity

5.4MEDIUM

EPSS

0.0%

top 91.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Webex Meetings

Timeline

PublishedSep 3

Latest updateSep 10

Description

A vulnerability in the user profile component of Cisco Webex Meetings could have allowed an authenticated, remote attacker with low privileges to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is needed. This vulnerability existed because of insufficient validation of user-supplied input to the user profile component of Cisco Webex Meetings. Prior to this vul…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

▶CVEListV5cisco/cisco_webex_meetingsN/A

🔴Vulnerability Details

GHSA

GHSA-6mp7-m2x9-pp98: A vulnerability in the user profile component of Cisco Webex Meetings could have allowed an authenticated, remote attacker with low privileges to cond↗2025-09-10

▶

CVEList

CVE-2025-20328: A vulnerability in the user profile component of Cisco Webex Meetings could have allowed an authenticated, remote attacker with low privileges to cond↗2025-09-03

▶

📋Vendor Advisories

Cisco

Cisco Webex Meetings Cross-Site Scripting Vulnerability↗2025-09-03

▶

Microsoft

ClamAV VirusEvent File Processing Command Injection Vulnerability↗2024-03-12

▶