Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote malicious users to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco webex meetings server - |
Cisco squashes bugs in WebEx
Cisco has patched four holes in WebEx that allowed attackers to gain access to video conferences and gain other administrative functions. The popular platform contained a cross site request forgery in versions 1.5 and below. Cisco slapped a moderate severity rating on the bug (CVE-2014-8031). "A vulnerability in the web framework code of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery attack," Cisco wrote in an advisory. "The vu...