CVE-2026-20149 — Cross-site Scripting in Cisco Webex Meetings

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.0%

top 85.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Webex Meetings

Timeline

PublishedMar 4

Description

A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability, and no customer action is needed. This vulnerability was due to improper filtering of user-supplied input. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to conduct an XSS at…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶CVEListV5cisco/cisco_webex_meetingsN/A

🔴Vulnerability Details

GHSA

GHSA-wgqr-v4gj-r4jj: A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack↗2026-03-04

▶

CVEList

CVE-2026-20149: A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack↗2026-03-04

▶

📋Vendor Advisories

Cisco

Cisco Webex Services Cross-Site Scripting Vulnerability↗2026-03-04

▶