Yogesh Tantak

**Name of the Vulnerable Software and Affected Versions** Cisco Webex Meetings versions prior to 11.7.0.236 **Description** The issue is due to insufficient validation of application input parameters, allowing an unauthenticated, local attacker to perform a cross-site scripting attack against the application. An attacker could exploit this by sending a malicious request to the Webex Meetings application, potentially executing script code in the context of the Webex Meetings application. This could allow the attacker to execute arbitrary JavaScript code. **Recommendations** For versions prior to 11.7.0.236, update to version 11.7.0.236 or later to resolve the issue. As a temporary workaround, consider restricting the use of intent-based requests to the Webex Meetings application until a patch is applied.