Cisco Webex Services Cross-Site Scripting Vulnerability

Overview

Please be advised that Cisco announced the following medium impact security vulnerability.

A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability, and no customer action is needed.

This vulnerability was due to improper filtering of user-supplied input. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to conduct an XSS attack against the targeted user.

As mentioned, Cisco has addressed this vulnerability in the Cisco Webex service, and no customer action is necessary to update on-premises software or devices. There are no workarounds that address this vulnerability.

Full description of the vulnerability is available on the following link:

Cisco Webex Services Cross-Site Scripting Vulnerability

Impact description

^{_{Affected Products}}

Vulnerable products

This vulnerability affected Cisco Webex, which is cloud based.

Fixed Software

Cisco has addressed this vulnerability in Cisco Webex, which is cloud based. No user action is required.

Service notice

Bookmark our website so you don't miss out on updates and actions you may need to take.

Overview

Impact description

^{_{Affected Products}}

Service notice

Explore BT

Explore BT

Find your business

Find your business

Useful links

Useful links

Follow us

Follow us