Fwd: [CIVN-2020-0286] Cisco Webex Meetings and Cisco Webex Meetings Server HTML Injection Vulnerability

1 year ago 83

Severity Rating: MEDIUM

Software Affected

Cisco Webex Meetings releases prior to Release 40.6.0

Cisco Webex Meetings Server releases prior to Release 4.0 MR3

Overview

A vulnerability has been reported in web pages of Cisco Webex Meetings and

Cisco Webex Meetings Server which could allow an unauthenticated, remote

attacker to conduct HTML Injection.

Description

A vulnerability exists in certain web pages of Cisco Webex Meetings and

Cisco Webex Meetings Server due to improper checks on parameter values

within affected pages. An attacker could exploit this vulnerability by

persuading a user to follow a specially crafted link. 

Successful exploitation of this vulnerability could allow the remote

attacker to alter the contents of a web page or conduct client-side

attacks.

Solution

Apply appropriate security updates as mentioned in 

- -sa-webex-html-BJ4Y9tX

Vendor Information

CISCO

- -sa-webex-html-BJ4Y9tX

References

CISCO

- -sa-webex-html-BJ4Y9tX

CVE Name

CVE-2020-3345

About Cert Advisory

Related Posts

Read Entire Article