CVE-2020-3345 vulnerability in Cisco Products
Published on July 16, 2020
Cisco Webex Meetings and Cisco Webex Meetings Server HTML Injection Vulnerability
A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious web sites, or the attacker could leverage this vulnerability to conduct further client-side attacks.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2020-3345
stack.watch emails you whenever new vulnerabilities are published in Cisco Webex Meetings or Cisco Webex Meetings Server. Just hit a watch button to start following.
Affected Versions
Cisco WebEx Meetings Server Version n/a is affected by CVE-2020-3345Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.