CVE-2016-1309

Name of the Vulnerable Software and Affected Versions Cisco WebEx Meetings Server version 2.5.1.5

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. This is due to the lack of protection measures for the web page structure, which can be exploited by a remote attacker to inject malicious code.

Recommendations For Cisco WebEx Meetings Server version 2.5.1.5, consider restricting access to unspecified parameters that can be used to inject arbitrary web script or HTML until a patch is available. As a temporary workaround, avoid using parameters that may be vulnerable to XSS attacks in the affected web pages. At the moment, there is no information about a newer version that contains a fix for this vulnerability.