Webex
Monthly
Cisco Webex is vulnerable to reflected cross-site scripting (XSS) attacks due to insufficient input validation, allowing unauthenticated attackers to inject malicious scripts by tricking users into clicking crafted links. Successful exploitation could enable attackers to steal session tokens, redirect users, or perform actions on behalf of targeted victims. Although Cisco has released a fix, no patch is currently available for this MEDIUM severity vulnerability.
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.4%.
The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
Cisco Webex is vulnerable to reflected cross-site scripting (XSS) attacks due to insufficient input validation, allowing unauthenticated attackers to inject malicious scripts by tricking users into clicking crafted links. Successful exploitation could enable attackers to steal session tokens, redirect users, or perform actions on behalf of targeted victims. Although Cisco has released a fix, no patch is currently available for this MEDIUM severity vulnerability.
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.4%.
The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.