Cisco WebEx Meetings Server Administrator Interface Reflected Cross-Site Scripting Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks.

The vulnerability is due to insufficient sanitization of user-supplied input by the affected software. An unauthenticated, remote attacker could exploit this vulnerability by persuading a user to visit a malicious URL. A successful exploit could allow the attacker to conduct reflected XSS attacks in the user’s browser session, which could be used to conduct further attacks.

Cisco released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-wms1[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-wms1”]