CVE-2021-40115
Cisco Webex Video Mesh Cross-Site Scripting Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
Una vulnerabilidad en Cisco Webex Video Mesh podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz. Esta vulnerabilidad es debido a que la interfaz de administración basada en la web no comprueba suficientemente las entradas proporcionadas por el usuario. Un atacante podría explotar esta vulnerabilidad persuadiendo a un usuario para que haga clic en un enlace diseñado. Una explotación con éxito podría permitir al atacante ejecutar código de script arbitrario en el contexto de la interfaz o acceder a información confidencial basada en el navegador
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2021-08-25 CVE Reserved
- 2021-11-04 CVE Published
- 2024-11-07 CVE Updated
- 2024-11-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Collaboration Meeting Rooms Search vendor "Cisco" for product "Collaboration Meeting Rooms" | 2.0 Search vendor "Cisco" for product "Collaboration Meeting Rooms" and version "2.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Webex Video Mesh Search vendor "Cisco" for product "Webex Video Mesh" | < 2021.10.18.2439m Search vendor "Cisco" for product "Webex Video Mesh" and version " < 2021.10.18.2439m" | - |
Affected
|