CVE-2019-1680

MEDIUM

Cisco Webex Business Suite < 3.0.9 - Unauthenticated Arbitrary Text Injection via Malicious URL

Title source: llm

Description

A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious URL. A successful exploit could allow the attacker to inject arbitrary text into the user's browser. The attacker could use the content injection to conduct spoofing attacks. Versions prior than 3.0.9 are affected.

References (2)

Core 2

Core References

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/106939

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-webex-injection

Scores

CVSS v3 4.3

EPSS 0.0141

EPSS Percentile 69.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20 CWE-74

Status published

Products (2)

cisco/webex_business_suite < 3.0.9

cisco/webex_meetings_online < 1.3.42

Published Feb 07, 2019

Tracked Since Feb 18, 2026