Cisco Webex Meetings vulnerabilities

CVE-2026-20149 [MEDIUM] CWE-79 CVE-2026-20149: A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a c A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability, and no customer action is needed. This vulnerability was due to improper filtering of user-supplied input. Prior to this vulnerability being addressed, an attacker could have exp

CVE-2025-20328 [MEDIUM] CWE-79 CVE-2025-20328: A vulnerability in the user profile component of Cisco Webex Meetings could have allowed an authenti A vulnerability in the user profile component of Cisco Webex Meetings could have allowed an authenticated, remote attacker with low privileges to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is needed. This vuln

CVE-2025-20291 [MEDIUM] CWE-601 CVE-2025-20291: A vulnerability in Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to re A vulnerability in Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to redirect a targeted Webex Meetings user to an untrusted website. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is needed. This vulnerability existed because of insufficient validation of URLs that wer

CVE-2025-20215 [MEDIUM] CWE-295 CVE-2025-20215: A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unau A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unauthenticated, network-proximate attacker to complete a meeting-join process in place of an intended targeted user, provided the requisite conditions were satisfied. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no cust

CVE-2025-20255 [MEDIUM] CWE-349 CVE-2025-20255: A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remo A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting join service. This vulnerability is due to improper handling of malicious HTTP requests to the affected service. An attacker could exploit this vulnerability by manipulating stored HTT

CVE-2025-20246 [MEDIUM] CWE-79 CVE-2025-20246: A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-si A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cro

CVE-2025-20247 [MEDIUM] CWE-79 CVE-2025-20247: A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-si A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cro

CVE-2025-20250 [MEDIUM] CWE-79 CVE-2025-20250: A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-si A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cro

CVE-2021-1410 [MEDIUM] CWE-284 CVE-2021-1410: A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authent A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The vulnerability is due to insufficient authorization enforcement for requests to update distribution lists. An attacker could exploit this vulnerabili

CVE-2022-20654 [MEDIUM] CWE-80 CVE-2022-20654: A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticat A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based interface of Cisco Webex Meetings. An attacker could e

CVE-2023-20133 [MEDIUM] CWE-79 CVE-2023-20133: A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote at A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because of insufficient validation of user-supplied input in Webex Events (classic) programs, email templates, and survey questions.

CVE-2023-20180 [MEDIUM] CWE-352 CVE-2023-20180: A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attacker could exploit this vulnerability by persuading a u

CVE-2023-20132 [MEDIUM] CWE-20 CVE-2023-20132: Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2023-20134 [MEDIUM] CWE-20 CVE-2023-20134: Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2022-20820 [MEDIUM] CWE-1021 CVE-2022-20820: Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2022-20852 [MEDIUM] CWE-1021 CVE-2022-20852: Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2022-20778 [MEDIUM] CWE-79 CVE-2022-20778: A vulnerability in the authentication component of Cisco Webex Meetings could allow an unauthenticat A vulnerability in the authentication component of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the authentication component of Cisc

CVE-2022-20763 [MEDIUM] CWE-502 CVE-2022-20763: A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authent A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. This vulnerability is due to improper deserialization of Java code within login requests. An attacker could exploit this vulnerability by sending malicious login requests to the Cisco Webex Meetin

CVE-2021-40128 [MEDIUM] CWE-183 CVE-2021-40128: A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthentic A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by sen

CVE-2021-34743 [MEDIUM] CWE-352 CVE-2021-34743: A vulnerability in the application integration feature of Cisco Webex Software could allow an unauth A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. This vulnerability is due to improper validation of cross-site request forgery (CSRF) tokens. An attacke