CVE-2022-20654

A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based interface of Cisco Webex Meetings. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Published: Nov 15, 2024
Updated: May 4, 2025
CVE: CVE-2022-20654
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-80

Affected Software
References

Software	From	Fixed in
cisco / webex_meetings	39.7.4	39.7.4.x
cisco / webex_meetings	39.10	39.10.x
cisco / webex_meetings	39.11	39.11.x
cisco / webex_meetings	39.6	39.6.x
cisco / webex_meetings	39.7	39.7.x
cisco / webex_meetings	39.7.7	39.7.7.x
cisco / webex_meetings	39.9	39.9.x
cisco / webex_meetings	40.4.10	40.4.10.x
cisco / webex_meetings	40.6.2	40.6.2.x
cisco / webex_meetings	39.8.2	39.8.2.x
cisco / webex_meetings	39.8.4	39.8.4.x
cisco / webex_meetings	40.1	40.1.x
cisco / webex_meetings	39.9.1	39.9.1.x
cisco / webex_meetings	40.4	40.4.x
cisco / webex_meetings	40.6	40.6.x
cisco / webex_meetings	39.8	39.8.x
cisco / webex_meetings	39.8.3	39.8.3.x
cisco / webex_meetings	40.2	40.2.x

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-FmbPu2pe

Vulnerability Database

CVE-2022-20654