CVE-2018-0390
https://notcve.org/view.php?id=CVE-2018-0390
A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software by using the HTTP POST method. An attacker who can submit malicious scripts to the affected user interface element could execute arbitrary script or HTML code in the user's browser in the context of the affected site. Cisco Bug IDs: CSCvj33287. Una vulnerabilidad en el framework web de Cisco WebEx podría permitir que un atacante remoto sin autenticar lleve a cabo un ataque de Cross-Site Scripting (XSS) basado en DOM (Document Object Model) contra un usuario de dicha interfaz en el sistema afectado. • http://www.securityfocus.com/bid/104865 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-DOM-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-0357
https://notcve.org/view.php?id=CVE-2018-0357
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvi71274. Una vulnerabilidad en el framework web de Cisco WebEx podría permitir que un atacante remoto sin autenticar lleve a cabo un ataque de Cross-Site Scripting (XSS) contra un usuario de dicha interfaz en el sistema afectado. • http://www.securityfocus.com/bid/104420 http://www.securitytracker.com/id/1041063 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-webex-xss1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-0264
https://notcve.org/view.php?id=CVE-2018-0264
A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or open the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. The following client builds of Cisco WebEx Business Suite (WBS31 and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are affected: Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.4, Cisco WebEx Business Suite (WBS32) client builds prior to T32.12, Cisco WebEx Meetings with client builds prior to T32.12, Cisco WebEx Meeting Server builds prior to 3.0 Patch 1. • http://www.securityfocus.com/bid/104073 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-war • CWE-20: Improper Input Validation •
CVE-2015-6384
https://notcve.org/view.php?id=CVE-2015-6384
The Cisco WebEx Meetings application before 8.5.1 for Android improperly initializes custom application permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka Bug ID CSCuw86442. La aplicación Cisco WebEx Meetings en versiones anteriores a 8.5.1 para Android inicializa de manera incorrecta los permisos personalizados de la aplicación, lo que permite a atacantes eludir las restricciones de acceso previstas a través de una aplicación manipulada, también conocida como Bug ID CSCuw86442. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151201-wmc • CWE-264: Permissions, Privileges, and Access Controls •