CVE-2021-1500 Cisco Webex Video Mesh Arbitrary Site Redirection Vulnerability

A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit th...

CVE-2021-40115 Cisco Webex Video Mesh Cross-Site Scripting Vulnerability

A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker...

CVE-2021-40115

CVE-2021-40115 — Cisco Webex Video Mesh XSS : A vulnerability in Cisco Webex Video Mesh arises from insufficient validation of user-supplied input in the web-based management interface, enabling an unauthenticated, remote attacker to lure a user into clicking a crafted link and execute arbitrary ...

CVE-2021-40115 Cisco Webex Video Mesh Cross-Site Scripting Vulnerability

A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker...

CVE-2021-40128 Cisco Webex Meetings Email Content Injection Vulnerability

A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to insufficient validation of user-supplied parameter...

CVE-2021-40128 Cisco Webex Meetings Email Content Injection Vulnerability

A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to insufficient validation of user-supplied parameter...

CVE-2021-40128

CVE-2021-40128 concerns Cisco Webex Meetings. Affected component: account activation feature. Root cause: insufficient validation of user-supplied parameters, allowing an unauthenticated attacker to cause an activation email with a tampered link to an attacker-controlled domain. Impact: potential...

Vulnerabilities fixed in Cisco Webex

Vulnerabilities have been fixed in Cisco Webex. The vulnerabilities marked CVE-2021-1500 and CVE-2021-40128 allow an unauthenticated remote malicious person able to trick a user to trick a user into opening a rogue Web page. The vulnerability with reference CVE-2021-40115 allows a malicious perso...

Cisco Webex Meetings Email Content Injection Vulnerability

A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to insufficient validation of user-supplied parameter...

Cisco Webex Video Mesh Cross-Site Scripting Vulnerability

A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker...

Cisco Webex Video Mesh Arbitrary Site Redirection Vulnerability

A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit th...

Cisco Webex Meetings 安全漏洞

An input validation error vulnerability exists in Cisco Webex Meetings, a video conferencing solution from Cisco, which stems from insufficient validation of user-supplied parameters in the product. An attacker could send an activation email to an increasingly account through this vulnerability...

Cisco Webex Video Mesh 跨站脚本漏洞

Cisco Webex Video Mesh is a software from Cisco, U.S.A. Cisco Webex Video Mesh dynamically finds the best combination of local and cloud conferencing resources. When local resources are sufficient, local meetings stay local. When local resources are exhausted, the conference is expanded to the...

Cisco Webex Video Mesh 输入验证错误漏洞

Cisco Webex Video Mesh is a software from Cisco, U.S.A. Cisco Webex Video Mesh dynamically finds the best combination of local and cloud conferencing resources. When local resources are sufficient, local meetings stay local. When local resources are exhausted, the conference is expanded to the...

PT-2021-5336 · Cisco · Cisco Webex Meetings

Name of the Vulnerable Software and Affected Versions: Cisco Webex Meetings affected versions not specified Description: A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation...

CVE-2021-34743

A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. This vulnerability is due to improper validation o...

Cross site request forgery (csrf)

A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. This vulnerability is due to improper validation o...

CVE-2021-34743

Cisco Webex Software is affected by a CSRF (cross-site request forgery) vulnerability that can allow an unauthenticated, remote attacker to authorize an external application to access a user’s account without consent. The issue arises from improper validation of CSRF tokens, and an attacker must ...

CVE-2021-34743 Cisco Webex Software Application Authorization Bypass Vulnerability

A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. This vulnerability is due to improper validation o...

CVE-2021-34743 Cisco Webex Software Application Authorization Bypass Vulnerability

A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. This vulnerability is due to improper validation o...