Skip to main content

Webex Meetings Server CVE-2016-1447

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2016-07-15 psirt@cisco.com
6.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 15, 2016 - 16:59 cve.org
MEDIUM 6.1

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuy83194.

AnalysisAI

Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuy83194. Affected products include: Cisco Webex Meetings Server.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2017-3823 HIGH POC
8.8 Feb 01

An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Conta

CVE-2017-6753 HIGH
8.8 Jul 25

A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated,

CVE-2017-12372 CRITICAL
9.6 Nov 30

A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Pla

CVE-2017-12368 CRITICAL
9.6 Nov 30

A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Pla

CVE-2017-12367 CRITICAL
9.6 Nov 30

A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player

CVE-2020-3361 CRITICAL
9.8 Jun 18

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker

CVE-2018-0104 CRITICAL
9.6 Jan 04

A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote a

CVE-2015-0589 CRITICAL
9.0 Feb 07

The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to exe

CVE-2020-3419 CRITICAL
9.1 Nov 18

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker

CVE-2018-0112 CRITICAL
9.0 Apr 19

A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow

CVE-2016-1446 HIGH
8.8 Jul 15

SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows remote authenticated users to execute arbitrary SQ

CVE-2017-12293 HIGH
8.6 Oct 19

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of serv

Share

CVE-2016-1447 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy