Описание
A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insufficient validation of the application input parameters. An attacker could exploit this vulnerability by sending a malicious request to the Webex Meetings application through an intent. A successful exploit could allow the attacker to execute script code in the context of the Webex Meetings application. Versions prior to 11.7.0.236 are affected.
Ссылки
- Broken LinkThird Party AdvisoryVDB Entry
- Vendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
EPSS
5 Medium
CVSS3
4.6 Medium
CVSS3
1.9 Low
CVSS2
Дефекты
Связанные уязвимости
A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insufficient validation of the application input parameters. An attacker could exploit this vulnerability by sending a malicious request to the Webex Meetings application through an intent. A successful exploit could allow the attacker to execute script code in the context of the Webex Meetings application. Versions prior to 11.7.0.236 are affected.
Уязвимость программного обеспечения для веб-конференцсвязи Cisco WebEx Meetings, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю выполнить произвольный JavaScript-сценарий в контексте Cisco WebEx Meetings
EPSS
5 Medium
CVSS3
4.6 Medium
CVSS3
1.9 Low
CVSS2