Published: 09/01/2015 Updated: 08/09/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote malicious users to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco webex meetings server -

A vulnerability in the sendPwMaildo page of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system The vulnerability is due to improper sanitization of the email parameter An attacker could exploit this vulnerability b ...

Change the plan for Sat night, hackers. No more biz meetup eavesdrop LOLs

The Register • Darren Pauli • 14 Jan 2015

Cisco squashes bugs in WebEx

Cisco has patched four holes in WebEx that allowed attackers to gain access to video conferences and gain other administrative functions. The popular platform contained a cross site request forgery in versions 1.5 and below. Cisco slapped a moderate severity rating on the bug (CVE-2014-8031). "A vulnerability in the web framework code of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery attack," Cisco wrote in an advisory. "The vu...

CVE-2014-8030

Vulnerability Summary

Vendor Advisories

Recent Articles

References

Vulmon Search

About

Products

Connect