Elber Tavares

**Name of the Vulnerable Software and Affected Versions** Cisco Webex Teams (affected versions not specified) **Description** A vulnerability in the web-based interface of Cisco Webex Teams could allow an authenticated, remote attacker to conduct cross-site scripting attacks. The issue is due to improper validation of usernames, allowing an attacker to create an account with malicious HTML or script content and join a space using the malicious account name. This could enable the attacker to conduct cross-site scripting attacks and potentially gain access to sensitive browser-based information. **Recommendations** For all affected versions, update to the latest software version released by Cisco, as it addresses this vulnerability. At the moment, there is no information about additional mitigation measures or workarounds that address this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intelbras Wireless N 150Mbps router with firmware WRN 240 **Description** The issue allows attackers to steal wireless credentials without being connected to the network. This is related to `userRpm/popupSiteSurveyRpm.htm` and `userRpm/WlanSecurityRpm.htm`. The attack vector involves a crafted ESSID. **Recommendations** For Intelbras Wireless N 150Mbps router with firmware WRN 240, consider restricting access to the `userRpm/popupSiteSurveyRpm.htm` and `userRpm/WlanSecurityRpm.htm` pages until a fix is available. Avoid using crafted ESSIDs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.