Vulnslist


Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability

Cisco-SA-20150513-CVE-2015-0634 · Medium · Published · Updated

A vulnerability in the administrative interface of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input submitted to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to follow a malicious link or visit an attacker-controlled web page. A successful exploit could allow the attacker to execute arbitrary script or HTML code in the user's browser within the context of the affected site. To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious website and use misleading language or instructions to persuade the user to follow the link. Cisco has confirmed the vulnerability and software updates are available.


Workarounds

Administrators are advised to apply the appropriate updates.

Users should verify that unsolicited links are safe to follow.

For additional information about XSS attacks and the methods used to exploit these vulnerabilities, see the Cisco Applied Mitigation Bulletin "Understanding Cross-Site Scripting (XSS) Threat Vectors" (http://www.cisco.com/c/en/us/support/docs/cmb/cisco-amb-20060922-understanding-xss.html).

Administrators are advised to monitor affected systems.

CVEs: CVE-2015-0634
Cisco Bug IDs: NA
CVSS Score: Base 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C)
Product Names From Source: Cisco WebEx Meeting Center

Related Products

Product | CVE | Evidence
Cisco Webex Meetings | CVE-2015-0634 | Cisco OpenVuln
Cisco WebEx Meetings Server | CVE-2015-0634 | Cisco OpenVuln
Cisco WebEx Meeting Center | CVE-2015-0634 | Cisco OpenVuln