2970 matches found
CVE-2024-20396
A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerabili...
CVE-2023-20180
A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attack...
CVE-2023-20047
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco Webex Room Phone and Cisco Webex Share devices could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient resource...
CVE-2023-20133
A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because of insufficient validation of user-supplied input in Webex Events class...
CVE-2022-20654
A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based...
CVE-2021-1410
A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The vulnerability is due to insufficient authorization enforcement for requests to update...
CVE-2020-26067
A vulnerability in the web-based interface of Cisco Webex Teams could allow an authenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of usernames. An attacker could exploit this vulnerability by creating an account that contains...
CVE-2013-1116
Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted ARF file, aka Bug IDs CSCue74147 and...
CVE-2011-4004
Buffer overflow in the ATAS32 processing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file...
Vulnerabilities fixed in Cisco Webex
Cisco has fixed vulnerabilities in Cisco Webex. The vulnerabilities are in the way Cisco Webex filters user input. Unauthenticated attackers can exploit these vulnerabilities to perform cross-site scripting (XSS) attacks by convincing users to click on malicious links. Such an attack can lead to...
CVE-2013-1107
The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235...
CVE-2011-3319
Buffer overflow in the WRF parsing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file...
CVE-2012-3055
Stack-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted DHT chunk in a JPEG image within a...
CVE-2013-5529
The deployment module in the server in Cisco WebEx Meeting Center does not properly validate the passphrase, which allows remote attackers to launch a deployment or cause a denial of service (deployment interruption) via a direct request, aka Bug ID CSCuf52200...
CVE-2013-1231
The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629...
CVE-2013-1119
Buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DHT index value in JPEG data within a WRF file, aka...
CVE-2013-1118
Stack-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCuc27645...
CVE-2013-1115
Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ARF file, aka Bug IDs CSCue74118,...
CVE-2012-6399
Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, aka Bug ID CSCud94176...
CVE-2012-6397
Cross-site scripting (XSS) vulnerability in Cisco WebEx Social (formerly Cisco Quad) allows remote attackers to inject arbitrary web script or HTML via a crafted RSS service link, aka Bug ID CSCub61977...