CVE-2023-20133— Cisco Webex Meetings 跨站脚本漏洞

N/A

A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because of insufficient validation of user-supplied input in Webex Events (classic) programs, email templates, and survey questions. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Cisco Webex Meetings 跨站脚本漏洞

Cisco Webex Meetings是美国思科（Cisco）公司的一套视频会议解决方案。 Cisco Webex Meetings存在安全漏洞，该漏洞源于对用户提供的输入验证不足，允许攻击者执行任意脚本代码或访问基于浏览器的敏感信息。

N/A

N/A