cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-1410,https://securityvulnerability.io/vulnerability/CVE-2021-1410,Cisco Webex Meetings Vulnerability: Modification of Distribution Lists by Unauthorized Users,"A vulnerability exists in the distribution list feature of Cisco Webex Meetings, enabling an authenticated remote attacker to alter distribution lists belonging to other users within the same organization. This flaw arises from inadequate enforcement of authorization checks when processing update requests for distribution lists. An attacker capable of exploiting this vulnerability can send a specially crafted request to the Webex Meetings interface, thereby gaining the ability to modify distribution lists they are not entitled to access. Cisco has released updates aimed at addressing this issue, with no workarounds available to mitigate the risk.",Cisco,Cisco Webex Meetings,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-18T15:38:58.195Z,0
CVE-2022-20654,https://securityvulnerability.io/vulnerability/CVE-2022-20654,Cisco Webex Meetings Vulnerability Allows Cross-Site Scripting Attacks,"A cross-site scripting vulnerability exists in the web-based interface of Cisco Webex Meetings, enabling an unauthenticated, remote attacker to perform malicious actions. This issue arises from the insufficient validation of user-supplied input, which can be exploited when an unsuspecting user clicks on a specially crafted link. If successfully exploited, an attacker could execute arbitrary script code within the affected interface, potentially accessing sensitive browser-based information. Cisco has released software updates to mitigate this vulnerability, and no workarounds are currently available.",Cisco,Cisco Webex Meetings,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-15T16:02:24.793Z,0
CVE-2023-20133,https://securityvulnerability.io/vulnerability/CVE-2023-20133,Stored Cross-Site Scripting Vulnerability in Cisco Webex Meetings,"A security flaw in the web interface of Cisco Webex Meetings allows authenticated, remote attackers to execute stored cross-site scripting (XSS) attacks. This vulnerability arises from inadequate validation of user-supplied data within Webex Events (classic) applications, email templates, and survey questions. An attacker can exploit this by convincing a user to click on a crafted link, enabling the execution of malicious scripts within the browser context of the target user. This exploitation may lead to unauthorized access to sensitive information stored in the browser.",Cisco,Cisco Webex Meetings,5.4,MEDIUM,0.000590000010561198,false,,false,false,true,2024-10-23T21:15:06.000Z,,false,false,,2023-07-07T20:15:00.000Z,0
CVE-2023-20180,https://securityvulnerability.io/vulnerability/CVE-2023-20180,Cross-Site Request Forgery Vulnerability in Cisco Webex Meetings,"A vulnerability exists in the web interface of Cisco Webex Meetings, allowing remote attackers to potentially exploit CSRF weaknesses. This issue arises from insufficient CSRF protections on the affected system. An attacker could trick a user into clicking a malicious link, enabling them to perform unauthorized actions such as joining meetings or scheduling training sessions. Users of Cisco Webex Meetings should be aware of this vulnerability and implement security measures to safeguard against potential exploits.",Cisco,Cisco Webex Meetings,4.3,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2023-07-07T20:15:00.000Z,0
CVE-2023-20132,https://securityvulnerability.io/vulnerability/CVE-2023-20132,Cisco Webex Meetings Web UI Vulnerabilities,"Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Webex Meetings,5.4,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-10-25T17:15:15.000Z,,false,false,,2023-04-05T00:00:00.000Z,0
CVE-2023-20134,https://securityvulnerability.io/vulnerability/CVE-2023-20134,Cisco Webex Meetings Web UI Vulnerabilities,"Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Webex Meetings,5.4,MEDIUM,0.0007999999797903001,false,,false,false,true,2024-10-25T17:15:15.000Z,,false,false,,2023-04-05T00:00:00.000Z,0
CVE-2022-20863,https://securityvulnerability.io/vulnerability/CVE-2022-20863,Cisco Webex Meetings App Character Interface Manipulation Vulnerability,"A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface. This vulnerability exists because the affected software does not properly handle character rendering. An attacker could exploit this vulnerability by sending messages within the application interface. A successful exploit could allow the attacker to modify the display of links or other content within the interface, potentially allowing the attacker to conduct phishing or spoofing attacks.",Cisco,Cisco Webex Meetings Desktop App,4.3,MEDIUM,0.0011500000255182385,false,,false,false,true,2024-08-03T03:15:44.000Z,,false,false,,2022-09-07T00:00:00.000Z,0
CVE-2022-20852,https://securityvulnerability.io/vulnerability/CVE-2022-20852,Cisco Webex Meetings Web Interface Vulnerabilities,"Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Webex Meetings,5.4,MEDIUM,0.001230000052601099,false,,false,false,true,2024-08-03T03:15:44.000Z,,false,false,,2022-08-10T09:15:00.000Z,0
CVE-2022-20820,https://securityvulnerability.io/vulnerability/CVE-2022-20820,Cisco Webex Meetings Web Interface Vulnerabilities,"Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Webex Meetings,5.4,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-08-03T03:15:43.000Z,,false,false,,2022-08-10T09:15:00.000Z,0
CVE-2022-20778,https://securityvulnerability.io/vulnerability/CVE-2022-20778,Cisco Webex Meetings Cross-Site Scripting Vulnerability,"A vulnerability in the authentication component of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the authentication component of Cisco Webex Meetings. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,Cisco Webex Meetings,6.1,MEDIUM,0.0014700000174343586,false,,false,false,true,2024-08-03T03:15:41.000Z,,false,false,,2022-04-21T19:15:00.000Z,0
CVE-2022-20763,https://securityvulnerability.io/vulnerability/CVE-2022-20763,Cisco Webex Meetings Java Deserialization Vulnerability,"A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. This vulnerability is due to improper deserialization of Java code within login requests. An attacker could exploit this vulnerability by sending malicious login requests to the Cisco Webex Meetings service. A successful exploit could allow the attacker to inject arbitrary Java code and take arbitrary actions within the Cisco Webex Meetings application.",Cisco,Cisco Webex Meetings,5.4,MEDIUM,0.005950000137090683,false,,false,false,true,2024-08-03T03:15:40.000Z,,false,false,,2022-04-06T00:00:00.000Z,0
CVE-2021-40128,https://securityvulnerability.io/vulnerability/CVE-2021-40128,Cisco Webex Meetings Email Content Injection Vulnerability,"A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by sending a crafted HTTP request to the account activation page of Cisco Webex Meetings. A successful exploit could allow the attacker to send to any recipient an account activation email that contains a tampered activation link, which could direct the user to an attacker-controlled website.",Cisco,Cisco Webex Meetings,5.3,MEDIUM,0.0009599999757483602,false,,false,false,true,2024-08-04T03:16:55.000Z,,false,false,,2021-11-04T16:15:00.000Z,0
CVE-2021-34743,https://securityvulnerability.io/vulnerability/CVE-2021-34743,Cisco Webex Software Application Authorization Bypass Vulnerability,"A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. This vulnerability is due to improper validation of cross-site request forgery (CSRF) tokens. An attacker could exploit this vulnerability by convincing a targeted user who is currently authenticated to Cisco Webex Software to follow a link designed to pass malicious input to the Cisco Webex Software application authorization interface. A successful exploit could allow the attacker to cause Cisco Webex Software to authorize an application on the user's behalf without the express consent of the user, possibly allowing external applications to read data from that user's profile.",Cisco,Cisco Webex Meetings,4.3,MEDIUM,0.0007699999841861427,false,,false,false,true,2024-08-04T02:15:22.000Z,,false,false,,2021-10-21T03:15:00.000Z,0
CVE-2021-1503,https://securityvulnerability.io/vulnerability/CVE-2021-1503,Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability,A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. This vulnerability is due to insufficient validation of values in Webex recording files that are in either Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.,Cisco,Cisco Webex Meetings,7.8,HIGH,0.0007200000109151006,false,,false,false,true,2024-08-03T17:15:58.000Z,,false,false,,2021-06-04T17:15:00.000Z,0
CVE-2021-1544,https://securityvulnerability.io/vulnerability/CVE-2021-1544,Cisco Webex Meetings Client Software Logging Information Disclosure Vulnerability,"A vulnerability in logging mechanisms of Cisco Webex Meetings client software could allow an authenticated, local attacker to gain access to sensitive information. This vulnerability is due to unsafe logging of application actions. An attacker could exploit this vulnerability by logging onto the local system and accessing files containing the logged details. A successful exploit could allow the attacker to gain access to sensitive information, including meeting data and recorded meeting transcriptions.",Cisco,Cisco Webex Meetings,5.5,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-03T17:16:00.000Z,,false,false,,2021-06-04T17:15:00.000Z,0
CVE-2021-1525,https://securityvulnerability.io/vulnerability/CVE-2021-1525,Cisco Webex Meetings and Webex Meetings Server File Redirect Vulnerability,"A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to redirect users to a malicious file. This vulnerability is due to improper validation of URL paths in the application interface. An attacker could exploit this vulnerability by persuading a user to follow a specially crafted URL that is designed to cause Cisco Webex Meetings to include a remote file in the web UI. A successful exploit could allow the attacker to cause the application to offer a remote file to a user, which could allow the attacker to conduct further phishing or spoofing attacks.",Cisco,Cisco Webex Meetings Server,4.7,MEDIUM,0.001230000052601099,false,,false,false,true,2024-08-03T17:15:59.000Z,,false,false,,2021-06-04T17:15:00.000Z,0
CVE-2021-1502,https://securityvulnerability.io/vulnerability/CVE-2021-1502,Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability,A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. The vulnerability is due to insufficient validation of values within Webex recording files formatted as either Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit the vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.,Cisco,Cisco Webex Meetings,7.8,HIGH,0.0007200000109151006,false,,false,false,true,2024-08-03T17:15:58.000Z,,false,false,,2021-06-04T17:15:00.000Z,0
CVE-2021-1526,https://securityvulnerability.io/vulnerability/CVE-2021-1526,Cisco Webex Player Memory Corruption Vulnerability,A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. This vulnerability is due to insufficient validation of values in Webex recording files that are in Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.,Cisco,Cisco Webex Meetings,7.8,HIGH,0.0007200000109151006,false,,false,false,true,2024-08-03T17:16:00.000Z,,false,false,,2021-06-04T17:15:00.000Z,0
CVE-2021-1517,https://securityvulnerability.io/vulnerability/CVE-2021-1517,Cisco Webex Meetings and Webex Meetings Server Multimedia Sharing Security Bypass Vulnerability,"A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to bypass security protections. This vulnerability is due to unsafe handling of shared content within the multimedia viewer feature. An attacker could exploit this vulnerability by sharing a file through the multimedia viewer feature. A successful exploit could allow the attacker to bypass security protections and prevent warning dialogs from appearing before files are offered to other users.",Cisco,Cisco Webex Meetings Server,5,MEDIUM,0.0007300000288523734,false,,false,false,true,2024-08-03T17:15:59.000Z,,false,false,,2021-06-04T17:15:00.000Z,0
CVE-2021-1527,https://securityvulnerability.io/vulnerability/CVE-2021-1527,Cisco Webex Player Memory Corruption Vulnerability,A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to cause the affected software to terminate or to gain access to memory state information that is related to the vulnerable application. The vulnerability is due to insufficient validation of values in Webex recording files that are stored in Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a malicious WRF file to a user as a link or email attachment and then persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to crash the affected software and view memory state information.,Cisco,Cisco Webex Meetings,5.3,MEDIUM,0.0005499999970197678,false,,false,false,true,2024-08-03T17:16:00.000Z,,false,false,,2021-06-04T17:15:00.000Z,0
CVE-2021-1467,https://securityvulnerability.io/vulnerability/CVE-2021-1467,Cisco Webex Meetings for Android Avatar Modification Vulnerability,"A vulnerability in Cisco Webex Meetings for Android could allow an authenticated, remote attacker to modify the avatar of another user. This vulnerability is due to improper authorization checks. An attacker could exploit this vulnerability by sending a crafted request to the Cisco Webex Meetings client of a targeted user of a meeting in which they are both participants. A successful exploit could allow the attacker to modify the avatar of the targeted user.",Cisco,Cisco Webex Meetings,4.3,MEDIUM,0.0007300000288523734,false,,false,false,true,2024-08-03T17:15:57.000Z,,false,false,,2021-04-08T04:15:00.000Z,0
CVE-2021-1420,https://securityvulnerability.io/vulnerability/CVE-2021-1420,Cisco Webex Meetings HTML Injection Vulnerability,"A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks.",Cisco,Cisco Webex Meetings,4.7,MEDIUM,0.001230000052601099,false,,false,false,true,2024-08-03T17:15:55.000Z,,false,false,,2021-04-08T04:15:00.000Z,0
CVE-2021-1351,https://securityvulnerability.io/vulnerability/CVE-2021-1351,Cisco Webex Meetings Cross-Site Scripting Vulnerability,"A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,Cisco Webex Meetings,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-03T17:15:51.000Z,,false,false,,2021-02-17T00:00:00.000Z,0
CVE-2021-1221,https://securityvulnerability.io/vulnerability/CVE-2021-1221,Cisco Webex Meetings and Cisco Webex Meetings Server Software Hyperlink Injection Vulnerability,"A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user interface. A successful exploit could allow the attacker to generate a Webex Meetings invitation email that contains a link to a destination of their choosing. Because this email is sent from a trusted source, the recipient may be more likely to click the link.",Cisco,Cisco Webex Meetings Server,4.1,MEDIUM,0.0007099999929778278,false,,false,false,true,2024-08-03T17:15:45.000Z,,false,false,,2021-02-04T17:15:00.000Z,0
CVE-2021-1310,https://securityvulnerability.io/vulnerability/CVE-2021-1310,Cisco Webex Meetings Open Redirect Vulnerability,"A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page, bypassing the warning mechanism that should prompt the user before the redirection. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website, bypassing the Webex URL check that should result in a warning before the redirection to the web page. Attackers may use this type of vulnerability, known as an open redirect attack, as part of a phishing attack to convince users to unknowingly visit malicious sites.",Cisco,Cisco Webex Meetings,4.7,MEDIUM,0.0010900000343099236,false,,false,false,true,2024-08-03T17:15:49.000Z,,false,false,,2021-01-13T00:00:00.000Z,0