6.1
CVE-2026-20233
- EPSS 0.18%
- Veröffentlicht 03.06.2026 16:06:06
- Zuletzt bearbeitet 08.06.2026 13:36:37
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
Cisco Webex Meetings Cross-Site Scripting Vulnerability
A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed. This vulnerability existed because of insufficient validation of user input. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Webex Meetings Version39.6.0
Cisco ≫ Webex Meetings Version39.7.0
Cisco ≫ Webex Meetings Version39.7.4
Cisco ≫ Webex Meetings Version39.7.7
Cisco ≫ Webex Meetings Version39.8.0
Cisco ≫ Webex Meetings Version39.8.2
Cisco ≫ Webex Meetings Version39.8.3
Cisco ≫ Webex Meetings Version39.8.4
Cisco ≫ Webex Meetings Version39.9.0
Cisco ≫ Webex Meetings Version39.9.1
Cisco ≫ Webex Meetings Version39.10.0
Cisco ≫ Webex Meetings Version39.11.0
Cisco ≫ Webex Meetings Version40.1.0
Cisco ≫ Webex Meetings Version40.2.0
Cisco ≫ Webex Meetings Version40.4.0
Cisco ≫ Webex Meetings Version40.4.10
Cisco ≫ Webex Meetings Version40.6.0
Cisco ≫ Webex Meetings Version40.6.2
Cisco ≫ Webex Meetings Version42.6.0
Cisco ≫ Webex Meetings Version42.7.0
Cisco ≫ Webex Meetings Version42.8.0
Cisco ≫ Webex Meetings Version42.9.0
Cisco ≫ Webex Meetings Version42.10.0
Cisco ≫ Webex Meetings Version42.11.0
Cisco ≫ Webex Meetings Version42.12.0
Cisco ≫ Webex Meetings Version43.1.0
Cisco ≫ Webex Meetings Version43.2.0
Cisco ≫ Webex Meetings Version43.3.0
Cisco ≫ Webex Meetings Version43.4.0
Cisco ≫ Webex Meetings Version43.4.1
Cisco ≫ Webex Meetings Version43.4.2
Cisco ≫ Webex Meetings Version43.5.0
Cisco ≫ Webex Meetings Version43.6.0
Cisco ≫ Webex Meetings Version43.6.1
Cisco ≫ Webex Meetings Version43.7.0
Cisco ≫ Webex Meetings Version43.8.0
Cisco ≫ Webex Meetings Version43.9.0
Cisco ≫ Webex Meetings Version43.10.0
Cisco ≫ Webex Meetings Version43.11.0
Cisco ≫ Webex Meetings Version43.12.0
Cisco ≫ Webex Meetings Version44.1.0
Cisco ≫ Webex Meetings Version44.2.0
Cisco ≫ Webex Meetings Version44.3.0
Cisco ≫ Webex Meetings Version44.4.0
Cisco ≫ Webex Meetings Version44.5.0
Cisco ≫ Webex Meetings Version44.6.0
Cisco ≫ Webex Meetings Version44.7.0
Cisco ≫ Webex Meetings Version44.8.0
Cisco ≫ Webex Meetings Version44.9.0
Cisco ≫ Webex Meetings Version44.10.0
Cisco ≫ Webex Meetings Version44.11.0
Cisco ≫ Webex Meetings Version44.12.0
Cisco ≫ Webex Meetings Version45.1.0
Cisco ≫ Webex Meetings Version45.2.0
Cisco ≫ Webex Meetings Version45.3.0
Cisco ≫ Webex Meetings Version45.4.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.081 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-jw3NeQzS