CVE-2023-20133 (webex_meetings)

A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.

This vulnerability exists because of insufficient validation of user-supplied input in Webex Events (classic) programs, email templates, and survey questions. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context …

attack cisco cisco webex cross-site cve email events exploit input interface questions scripting survey the web validation vulnerability web webex web interface xss