16 matches found
CVE-2017-6753
Cisco WebEx browser extensions for Chrome/Firefox (pre-1.0.12) are vulnerable to remote code execution due to a design flaw in the atgpcext library, allowing an unauthenticated attacker to run arbitrary code with the privileges of the affected browser when a user visits a crafted page. Affected p...
CVE-2019-15987
CVE-2019-15987 affects Cisco Webex Centers suite (Webex Event Center, Meeting Center, Support Center, Training Center). Root cause: missing CAPTCHA on select URLs allows unauthenticated, remote attacker to enumerate usernames and potentially obtain real names. Impact is information disclosure (no...
CVE-2013-6963
Cisco WebEx Training Center contains a cross-site scripting (XSS) vulnerability in the registration page (CVE-2013-6963). The issue stems from insufficient validation of user-supplied input, enabling an unauthenticated remote attacker to craft a malicious URL that, when a user follows it, may inj...
CVE-2014-2199
CVE-2014-2199 affects Cisco WebEx components (Event Center, Meeting Center, Sales Center, Training Center, WebEx Meetings Server 1.5(.1.131) and earlier) and WebEx Business Suite; vulnerable are versions before 27.32.31.16 (27.x), before 28.12.13.18 (28.x), and before 29.5.1.12 (29.x). The vulner...
CVE-2013-6968
Cisco WebEx Training Center is affected by CVE-2013-6968, a vulnerability in the training registration page where error messages differ depending on whether an email exists, enabling remote attackers to enumerate registered attendees via multiple registration requests (Bug CSCul36003). Affected p...
CVE-2013-6971
Cisco WebEx Training Center has an open redirect vulnerability (CVE-2013-6971) that can be exploited by an unauthenticated, remote attacker to redirect users to an attacker‑supplied URL via a crafted link. The issue is described in Cisco’s advisory Cisco-SA-20131213-CVE-2013-6971, which notes tha...
CVE-2013-6709
Cisco WebEx Training Center’s registration page vulnerability (CVE-2013-6709) exposes the training-session URL before payment, enabling unauthenticated remote attackers to obtain the session password and access code and join the audio conference. Root cause: disclosure of session access data prio...
CVE-2013-6973
Cisco WebEx Training Center is affected by CVE-2013-6973 due to improper handling of inputs, allowing remote attackers to discover other users’ registration IDs via a crafted URL. The vulnerability enables unauthenticated information disclosure and is detailed in Cisco’s advisory Cisco-SA-2013121...
CVE-2013-6965
Cisco WebEx Training Center’s registration component leaks the training session URL before email confirmation, enabling remote attackers to join the audio conference using credentials from that URL. This bypasses access controls without requiring a valid email verification. Public details across ...
CVE-2013-1109
Cisco WebEx Training Center is affected by CVE-2013-1109, a CSRF vulnerability in the Training Center testing library (testingLibraryAction.do) that could allow remote attackers to hijack the authentication of arbitrary users and trigger test deletions. The CVE entry notes a CVSS v2 base score of...
CVE-2013-6966
Cisco WebEx Training Center is affected by an open redirect vulnerability (CVE-2013-6966). A remote attacker can lure a user to follow a crafted URL that redirects to an attacker‑supplied site, enabling phishing. The cited Cisco advisory indicates that software updates are not available, and no p...
CVE-2013-6710
CVE-2013-6710 describes a CSRF vulnerability in Cisco WebEx Training Center that could allow remote attackers to hijack the authentication of users via unknown vectors. The issue is attributed to insufficient CSRF protections in the WebEx Training Center web framework, enabling an attacker to con...
CVE-2013-1108
Cisco WebEx Training Center is affected by CVE-2013-1108. The vulnerability allows remote authenticated users to remove hands-on lab-session reservations via a crafted URL (Bug ID CSCzu81064). The NVD entry records a CVSS v2 base score of 4.0 (MEDIUM) with Network attack vector, low attack comple...
CVE-2013-1110
Cisco WebEx Training Center (the affected product) contains a vulnerability where remote authenticated users can bypass intended privilege restrictions by submitting a crafted URL, enabling or disabling training-center recordings. The underlying issue is a privilege-control bypass that lets an au...
CVE-2013-6972
Cisco WebEx Training Center exposes session numbers via server HTML responses, allowing remote attackers to discover valid session numbers and bypass host approval to join audio-conferences without attendee authorization. Root cause: inappropriate disclosure of sensitive information in server rep...
CVE-2013-6969
CVE-2013-6969 concerns Cisco WebEx Training Center: the training-registration page allows remote modification of unspecified fields via unknown vectors (Bug ID CSCul35990). Affected product: Cisco WebEx Training Center (training-registration component). Underlying cause and exact vectors are not ...