CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2021-1410 – Cisco Webex Meetings Unauthorized Distribution List Update Vulnerability
https://notcve.org/view.php?id=CVE-2021-1410
18 Nov 2024 — A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The vulnerability is due to insufficient authorization enforcement for requests to update distribution lists. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to modify an existing distribution list. A successful exploit could allow the attacker to ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3 • CWE-284: Improper Access Control •
CVSS: 6.4EPSS: 0%CPEs: 18EXPL: 0CVE-2022-20654 – Cisco Webex Meetings Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2022-20654
15 Nov 2024 — A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based interface of Cisco Webex Meetings. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-FmbPu2pe • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •