Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.1
Cisco Webex: Unauthenticated XSS Attack Possible via Malicious Link
CVE-2026-20149
Summary
A vulnerability in Cisco Webex allowed an attacker to conduct a malicious attack by tricking a user into clicking a bad link. This could have given the attacker control over the user's Webex session. Cisco has fixed this issue, so no action is required from customers.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| cisco | webex | All versions | – |
Original title
A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability, and no customer action ...
Original description
A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability, and no customer action is needed.
This vulnerability was due to improper filtering of user-supplied input. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to conduct an XSS attack against the targeted user.
This vulnerability was due to improper filtering of user-supplied input. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to conduct an XSS attack against the targeted user.
nvd CVSS3.1
6.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026