Cisco yesterday disclosed a vulnerability in version 2.6 of its WebEx Meetings Server that leaves users susceptible to cross-site scripting (XSS) attacks. The company has already released a software update to address the issue; there are no alternative workarounds available.

According to a Cisco security advisory, the vulnerability stems from “insufficient sanitization of user-supplied input by the affected software.” Unauthenticated, remote attackers can capitalize on this flaw by luring users to a malicious URL, thus opening them up to XSS attacks in their browser sessions.

Cisco also noted that its incident response team is not aware of any malicious exploitation of the vulnerability.