CVE-2021-1221

CVSS v3.1

4.1

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Cisco Webex Meetings and Cisco Webex Meetings Server Software (affected versions not specified)

Description A vulnerability in the user interface could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email due to insufficient input validation. An attacker could exploit this by entering a URL into a field in the user interface, potentially generating an email with a link to a destination of their choosing. Since the email is sent from a trusted source, the recipient may be more likely to click the link.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Special Elements Injection

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-20

Related Identifiers

BDU:2021-00710

CVE-2021-1221

Affected Products

Cisco Webex Meetings

Cisco Webex Meetings Server

CVE-2021-1221

Weakness Enumeration

Related Identifiers

Affected Products

References · 5