PT-2019-1383 · Cisco · Webex Meetings
Yogesh Tantak
·
Published
2019-02-06
·
Updated
2023-03-23
·
CVE-2019-1677
CVSS v3.1
5.0
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Webex Meetings versions prior to 11.7.0.236
Description
The issue is due to insufficient validation of application input parameters, allowing an unauthenticated, local attacker to perform a cross-site scripting attack against the application. An attacker could exploit this by sending a malicious request to the Webex Meetings application, potentially executing script code in the context of the Webex Meetings application. This could allow the attacker to execute arbitrary JavaScript code.
Recommendations
For versions prior to 11.7.0.236, update to version 11.7.0.236 or later to resolve the issue. As a temporary workaround, consider restricting the use of intent-based requests to the Webex Meetings application until a patch is applied.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Webex Meetings