CVE-2026-20233
6.1 MEDIUMA vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct...
Published: 2026-06-03 · Last updated: 2026-06-08
Severity and scoring
- CVSS
- 6.1 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- CWE
- CWE-79
Affected products
| Vendor | Product |
|---|---|
| cisco | webex_meetings |
Description
A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed. This vulnerability existed because of insufficient validation of user input. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-20245 — A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vM... (7.8 HIGH)
- CVE-2026-5944 — An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central (8.2 HIGH)
- CVE-2026-20025 — A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, ad... (6.8 MEDIUM)
- CVE-2026-20016 — A vulnerability in the Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and Secure FTD Software could allow an auth... (6.0 MEDIUM)
- CVE-2026-20069 — A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Fi... (4.3 MEDIUM)
Same CWE
- CVE-2026-2827 — The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oum_location_notification' parameter in ... (4.7 MEDIUM)
- CVE-2026-42558 — Xibo is an open source digital signage platform with a web content management system and Windows display player software (7.6 HIGH)
- CVE-2026-53742 — Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template (5.4 MEDIUM)
- CVE-2026-53741 — Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding (5.4 MEDIUM)
- CVE-2026-53740 — Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice (5.4 MEDIUM)