Cisco WebEx Meetings Server Administrative Portal Cross-Site Scripting Vulnerability

A vulnerability in the administration portal page of the Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks.

The vulnerability is due to insufficient validation of user-supplied input submitted to the administration portal page of the affected software. An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to visit a malicious website. If successful, the attacker could conduct an XSS attack and execute arbitrary scripts in the user’s browser session or gain access to sensitive information.

Cisco has confirmed the vulnerability and released software updates.

To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the link.