CVE-2018-0390

Name of the Vulnerable Software and Affected Versions Cisco Webex (affected versions not specified)

Description A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system. The issue is due to insufficient input validation of certain parameters passed to the affected software using the HTTP POST method. An attacker could execute arbitrary script or HTML code in the user's browser in the context of the affected site by submitting malicious scripts to the affected user interface element.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.