CVE-2018-15436

Name of the Vulnerable Software and Affected Versions Cisco Webex Events Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center (affected versions not specified)

Description The issue is related to insufficient validation of user-supplied input by the web-based management interface, which could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. This can be exploited by persuading a user to click a malicious link, potentially allowing the attacker to execute arbitrary script code or access sensitive browser-based information.

Recommendations For Cisco Webex Events Center, consider disabling the web-based management interface until a patch is available. For Cisco Webex Meeting Center, restrict access to the interface to minimize the risk of exploitation. For Cisco Webex Support Center, avoid using the interface for sensitive operations until the issue is resolved. For Cisco Webex Training Center, consider implementing additional security measures to protect against XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.