CVE-2017-3811

MEDIUM

Cisco WebEx Meetings Server <2.6 - XSS

Title source: llm

Description

An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc39165. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.2054.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96912

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038042

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wms

Scores

CVSS v3 6.5

EPSS 0.0032

EPSS Percentile 55.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-611

Status published

Affected Products (2)

cisco/webex_meetings_server

n/a/Cisco WebEx Meetings Server < Cisco WebEx Meetings Server

Timeline

Published Mar 17, 2017

Tracked Since Feb 18, 2026