Cisco patches and discloses XSS vulnerability in WebEx Meetings Server
Version 2.6 of Cisco's WebEx Meetings Server contains an XSS vulnerability due to insufficient data sanitization.
Cisco yesterday disclosed a vulnerability in version 2.6 of its WebEx Meetings Server that leaves users susceptible to cross-site scripting (XSS) attacks. The company has already released a software update to address the issue; no workarounds are available.
According to a Cisco security advisory, the vulnerability stems from “insufficient sanitization of user-supplied input by the affected software.” Unauthenticated, remote attackers can capitalize on this flaw by luring users to a malicious URL, thus opening them up to XSS attacks in their browser sessions.
Cisco also noted that its incident response team is not aware of any malicious exploitation of the vulnerability.