CVE-2026-20149

Medium CVSS: 6.1

A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability, and no customer action is needed.

This vulnerability was due to improper filtering of user-supplied input. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to conduct an XSS attack against the targeted user.

Vendor

Cisco

Product

Webex

CWE

CWE-79

Yayın Tarihi

2026-03-04 18:16:27

Güncelleme

2026-03-09 17:52:37

Source Identifier

psirt@cisco.com

KEV Date Added

Kategoriler

CWE-79 Webex MEDIUM Cisco 2026

Referanslar

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-TZFTbbwN

Benzer Kayıtlar

Critical

CVE-2026-20131

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could al…

High

CVE-2026-20128

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticat…

Critical

CVE-2026-20129

A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote a…

Medium

CVE-2026-20133

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive infor…

Critical

CVE-2026-20127

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Cat…

Medium

CVE-2026-20122

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite a…