CVE-2023-20104

Name of the Vulnerable Software and Affected Versions Cisco Webex App for Web (affected versions not specified)

Description The issue is related to the file upload functionality of the Cisco Webex App for Web, where insufficient validation of user-supplied input allows an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. An attacker could exploit this by sending an arbitrary file to a user and persuading that user to browse to a specific URL, potentially allowing the execution of arbitrary script code in the context of the affected interface or access to sensitive, browser-based information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.