CVE-2026-20233 MEDIUM

CVE-2026-20233: Cisco Webex Meetings Cross-Site Scripting Vulnerability

Vendor Cisco
Product Cisco Webex Meetings
Weakness CWE-79 · XSS
Published June 3, 2026
Last update June 3, 2026

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed. This vulnerability existed because of insufficient validation of user input. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.

Key dates

02Disclosure timeline

June 3, 2026 CVE published
June 3, 2026 Record updated

Related vulnerabilities

04Related CVE