Cisco Bug: CSCvu06679 - Cisco Webex Meetings and Cisco Webex Meetings Server HTML Injection Vulnerability
Jul 20, 2020
- Cisco Webex Meetings Online
Known Affected Releases
Symptom: A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious web sites, or the attacker could leverage this vulnerability to conduct further client-side attacks. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-html-BJ4Y9tX Conditions: At the time of publication, this vulnerability affected Cisco Webex Meetings releases earlier than Release 40.6.0 and Cisco Webex Meetings Server releases earlier than Release 4.0 MR3.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases