Cisco Webex Meetings Server 2.6.0 Cross Site Scripting Vulnerability
19 Sep. 2016
Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via vectors, aka Bug ID CSCuy83194.
* Cisco Webex Meetings Server 2.6.0
* Cisco Webex Meetings Server 184.108.40.206
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks.
The vulnerability is due to insufficient sanitization of user-supplied input by the affected software. An unauthenticated, remote attacker could exploit this vulnerability by persuading a user to visit a malicious URL. A successful exploit could allow the attacker to conduct reflected XSS attacks in the user s browser session, which could be used to conduct further attacks.
Cisco released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.