3 matches found
Command injection
Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arbitrary commands by injecting these commands into an application script, aka Bug ID CSCuy83130...
CVE-2016-1449
Cisco WebEx Meetings Server 2.6 is affected by CVE-2016-1449: a reflected XSS caused by insufficient validation of user-supplied input, exploitable via a crafted URL to inject arbitrary script in a user’s context. Cisco’s advisory (Cisco Security Advisory cisco-sa-20160714-wms3) notes that softwa...
CVE-2016-1446
Cisco WebEx Meetings Server 2.6 contains a SQL injection vulnerability exploitable by remote, authenticated users to execute arbitrary SQL commands via unspecified vectors (Bug CSCuy83200). Root cause is lack of input validation in SQL queries. Cisco has released software updates addressing the i...