Main Vulnerability Database Vulnerabilities #VU17422

#VU17422 Cross-site scripting in Webex Meetings for Android - CVE-2019-1677

Published: February 7, 2019

Vulnerability identifier: #VU17422

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-1677

CWE-ID: CWE-79

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Webex Meetings for Android

Software vendor:
Cisco Systems, Inc

Description

The disclosed vulnerability allows a local authenticated attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A local attacker can send a malicious request to the Webex Meetings application through an intent and execute script code in the context of the Webex Meetings application.

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-webex-andro-xss

#VU17422 Cross-site scripting in Webex Meetings for Android - CVE-2019-1677

Description

Remediation

External links

Please verify you're human