CVE-2019-1677 MEDIUM

CVE-2019-1677: Cisco Webex Meetings for Android Cross-Site Scripting Vulnerability

Vendor Cisco
Product Cisco WebEx Meetings for Android
Weakness CWE-79 · XSS
Published February 7, 2019
Last update November 21, 2024
View on NVD All CVEs

CVSS base score

5.0/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insufficient validation of the application input parameters. An attacker could exploit this vulnerability by sending a malicious request to the Webex Meetings application through an intent. A successful exploit could allow the attacker to execute script code in the context of the Webex Meetings application. Versions prior to 11.7.0.236 are affected.

Key dates

02Disclosure timeline

February 7, 2019 CVE published
November 21, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-23670 WordPress 4 author cheer up donate plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-20273 Cisco Unified Intelligent Contact Management Enterprise Cross-Site Scripting vulnerability CVE-2023-22253 AEM Reflected XSS Arbitrary code execution CVE-2025-24564 WordPress Contact Form With Shortcode plugin <= 4.2.5 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-44262 WordPress Blocks Plugin <= 1.6.41 is vulnerable to Cross Site Scripting (XSS)