CVE-2026-20233

MEDIUM EPSS 8.2%
Published Jun 3, 20263w ago · Modified Jun 17, 20261w ago
6.1 CVSS 3.1
Medium
Find Similar
Published Jun 3, 2026 3w ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed. This vulnerability existed because of insufficient validation of user input. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.

CVSS Details

Base Score
6.1
Exploitability
2.8
Impact
2.7
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Changed
Confidentiality Low
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
8.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 56

VendorProductVersionRange
ciscowebex_meetings39.6.0any
ciscowebex_meetings39.7.0any
ciscowebex_meetings39.7.4any
ciscowebex_meetings39.7.7any
ciscowebex_meetings39.8.0any
ciscowebex_meetings39.8.2any
ciscowebex_meetings39.8.3any
ciscowebex_meetings39.8.4any
ciscowebex_meetings39.9.0any
ciscowebex_meetings39.9.1any
ciscowebex_meetings39.10.0any
ciscowebex_meetings39.11.0any
ciscowebex_meetings40.1.0any
ciscowebex_meetings40.2.0any
ciscowebex_meetings40.4.0any
ciscowebex_meetings40.4.10any
ciscowebex_meetings40.6.0any
ciscowebex_meetings40.6.2any
ciscowebex_meetings42.6.0any
ciscowebex_meetings42.7.0any
ciscowebex_meetings42.8.0any
ciscowebex_meetings42.9.0any
ciscowebex_meetings42.10.0any
ciscowebex_meetings42.11.0any
ciscowebex_meetings42.12.0any
ciscowebex_meetings43.1.0any
ciscowebex_meetings43.2.0any
ciscowebex_meetings43.3.0any
ciscowebex_meetings43.4.0any
ciscowebex_meetings43.4.1any
ciscowebex_meetings43.4.2any
ciscowebex_meetings43.5.0any
ciscowebex_meetings43.6.0any
ciscowebex_meetings43.6.1any
ciscowebex_meetings43.7.0any
ciscowebex_meetings43.8.0any
ciscowebex_meetings43.9.0any
ciscowebex_meetings43.10.0any
ciscowebex_meetings43.11.0any
ciscowebex_meetings43.12.0any
ciscowebex_meetings44.1.0any
ciscowebex_meetings44.2.0any
ciscowebex_meetings44.3.0any
ciscowebex_meetings44.4.0any
ciscowebex_meetings44.5.0any
ciscowebex_meetings44.6.0any
ciscowebex_meetings44.7.0any
ciscowebex_meetings44.8.0any
ciscowebex_meetings44.9.0any
ciscowebex_meetings44.10.0any
ciscowebex_meetings44.11.0any
ciscowebex_meetings44.12.0any
ciscowebex_meetings45.1.0any
ciscowebex_meetings45.2.0any
ciscowebex_meetings45.3.0any
ciscowebex_meetings45.4.0any

References 1

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-jw3NeQzS
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.