Description
A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed.

This vulnerability existed because of insufficient validation of user input. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
Published: 2026-06-03
Score: 6.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The disclosed issue is a client-side cross-site scripting vulnerability in the web-based interface of Cisco Webex Meetings. An unauthenticated remote attacker could have persuaded a victim to follow a malicious link, causing attacker-supplied JavaScript to run in the victim's browser. This could have allowed the attacker to execute arbitrary script code, steal session data, or read sensitive browser-based information, posing a moderate confidentiality and integrity risk.

Affected Systems

Cisco Webex Meetings, a collaboration platform offered by Cisco. The vulnerability was in the web-based user interface. The advisory does not list specific version numbers, and the description states that Cisco has addressed the issue in the Webex Meetings service.

Risk and Exploitability

The vulnerability has a CVSS score of 6.1, indicating moderate severity. The EPSS score is not available, and it is not listed in the CISA KEV catalog. Exploitation requires social engineering to get the user to open a crafted link, limiting but not eliminating risk. Cisco has released a fix and states no customer action is required.

Generated by OpenCVE AI on June 3, 2026 at 19:20 UTC.

Remediation

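No customer-applied fix or workaround is listed. Per the description, Cisco has addressed the vulnerability in the Webex Meetings service and no customer action is needed.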

OpenCVE Recommended Actions

  • Configure a Content Security Policy that restricts inline script execution and controls script sources.
  • Conduct user awareness training to recognize suspicious links and phishing attempts.
  • Enable advanced browser security features such as script execution blocking or antivirus protection to mitigate XSS.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 03 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed. This vulnerability existed because of insufficient validation of user input. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
Title Cisco Webex Meetings Cross-Site Scripting Vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-06-03T17:49:49.471Z

Reserved: 2025-10-08T11:59:15.399Z

Link: CVE-2026-20233

Vulnrichment

Updated: 2026-06-03T17:49:45.528Z

NVD

Status: Received

Published: 2026-06-03T18:16:20.320

Modified: 2026-06-03T18:16:20.320

Link: CVE-2026-20233

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-03T19:30:36Z

Weaknesses