CVE-2021-1420 MEDIUM

CVE-2021-1420: Cisco Webex Meetings HTML Injection Vulnerability

Vendor Cisco
Product Cisco Webex Meetings
Weakness CWE-80 · XSS · basic
Published April 8, 2021
Last update November 8, 2024

CVSS base score

4.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks.

Key dates

02Disclosure timeline

April 8, 2021 CVE published
November 8, 2024 Record updated