CVE-2019-1677

Name of the Vulnerable Software and Affected Versions Cisco Webex Meetings versions prior to 11.7.0.236

Description The issue is due to insufficient validation of application input parameters, allowing an unauthenticated, local attacker to perform a cross-site scripting attack against the application. An attacker could exploit this by sending a malicious request to the Webex Meetings application, potentially executing script code in the context of the Webex Meetings application. This could allow the attacker to execute arbitrary JavaScript code.

Recommendations For versions prior to 11.7.0.236, update to version 11.7.0.236 or later to resolve the issue. As a temporary workaround, consider restricting the use of intent-based requests to the Webex Meetings application until a patch is applied.