Webex Meeting Center Security Vulnerabilities - 2013

CVE-2013-6960

Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248.

CVE-2013-6961

Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36237.

CVE-2013-6962

Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36228.

CVE-2013-6964

Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197.

CVE-2013-6970

Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928.