Webex
CVEs (24)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3823 | Hig | 0.62 | 8.8 | 0.27 | Feb 1, 2017 | An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager… | ||
| CVE-2018-0390 | Med | 0.40 | 6.1 | 0.01 | Jul 18, 2018 | A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to… | ||
| CVE-2018-0357 | Med | 0.40 | 6.1 | 0.02 | Jun 7, 2018 | A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain… | ||
| CVE-2018-0356 | Med | 0.40 | 6.1 | 0.02 | Jun 7, 2018 | A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain… | ||
| CVE-2026-20178 | 0.00 | — | 0.00 | Jun 17, 2026 | A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer action is needed. This vulnerability… | |||
| CVE-2026-20149 | 0.00 | — | 0.00 | Mar 4, 2026 | A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability, and no customer action is needed. This vulnerability was due to improper filtering of user-supplied… | |||
| CVE-2025-20250 | 0.00 | — | 0.00 | May 21, 2025 | A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a… | |||
| CVE-2025-20247 | 0.00 | — | 0.00 | May 21, 2025 | A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a… | |||
| CVE-2025-20246 | 0.00 | — | 0.00 | May 21, 2025 | A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a… | |||
| CVE-2025-20236 | 0.00 | — | 0.01 | Apr 16, 2025 | A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due… | |||
| CVE-2024-20396 | 0.00 | — | 0.00 | Jul 17, 2024 | A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could… | |||
| CVE-2024-20395 | 0.00 | — | 0.00 | Jul 17, 2024 | A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses… | |||
| CVE-2023-20104 | 0.00 | — | 0.00 | Mar 3, 2023 | A vulnerability in the file upload functionality of Cisco Webex App for Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied… | |||
| CVE-2022-20863 | 0.00 | — | 0.01 | Sep 8, 2022 | A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface. This vulnerability exists because the affected software does not properly… | |||
| CVE-2020-3116 | 0.00 | — | 0.01 | Sep 23, 2020 | A vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) files could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of UCF media files. An attacker could exploit this… | |||
| CVE-2013-1116 | 0.00 | — | 0.03 | Sep 6, 2013 | Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted ARF file, aka… | |||
| CVE-2013-3425 | 0.00 | — | 0.01 | Jul 31, 2013 | The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965. | |||
| CVE-2012-6399 | 0.00 | — | 0.01 | May 27, 2013 | Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, aka Bug ID… | |||
| CVE-2009-2880 | 0.00 | — | 0.05 | Dec 18, 2009 | Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service… | |||
| CVE-2009-2879 | 0.00 | — | 0.05 | Dec 18, 2009 | Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote… |
- risk 0.62cvss 8.8epss 0.27
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager…
- risk 0.40cvss 6.1epss 0.01
A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to…
- risk 0.40cvss 6.1epss 0.02
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain…
- risk 0.40cvss 6.1epss 0.02
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain…
- CVE-2026-20178Jun 17, 2026risk 0.00cvss —epss 0.00
A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer action is needed. This vulnerability…
- CVE-2026-20149Mar 4, 2026risk 0.00cvss —epss 0.00
A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability, and no customer action is needed. This vulnerability was due to improper filtering of user-supplied…
- CVE-2025-20250May 21, 2025risk 0.00cvss —epss 0.00
A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a…
- CVE-2025-20247May 21, 2025risk 0.00cvss —epss 0.00
A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a…
- CVE-2025-20246May 21, 2025risk 0.00cvss —epss 0.00
A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a…
- CVE-2025-20236Apr 16, 2025risk 0.00cvss —epss 0.01
A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due…
- CVE-2024-20396Jul 17, 2024risk 0.00cvss —epss 0.00
A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could…
- CVE-2024-20395Jul 17, 2024risk 0.00cvss —epss 0.00
A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses…
- CVE-2023-20104Mar 3, 2023risk 0.00cvss —epss 0.00
A vulnerability in the file upload functionality of Cisco Webex App for Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied…
- CVE-2022-20863Sep 8, 2022risk 0.00cvss —epss 0.01
A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface. This vulnerability exists because the affected software does not properly…
- CVE-2020-3116Sep 23, 2020risk 0.00cvss —epss 0.01
A vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) files could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of UCF media files. An attacker could exploit this…
- CVE-2013-1116Sep 6, 2013risk 0.00cvss —epss 0.03
Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted ARF file, aka…
- CVE-2013-3425Jul 31, 2013risk 0.00cvss —epss 0.01
The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965.
- CVE-2012-6399May 27, 2013risk 0.00cvss —epss 0.01
Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, aka Bug ID…
- CVE-2009-2880Dec 18, 2009risk 0.00cvss —epss 0.05
Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service…
- CVE-2009-2879Dec 18, 2009risk 0.00cvss —epss 0.05
Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote…
Page 1 of 2