CVE-2014-8030

Published: Jan 9, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381.

Affected (1)

Products: Cisco: Webex Meetings Server

Cisco

1 product

Webex Meetings Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Webex Meetings Server	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (10)

http://secunia.com/advisories/62163

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8030

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/71945

Source: psirt@cisco.com

http://www.securitytracker.com/id/1031517

Source: psirt@cisco.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/100574

Source: psirt@cisco.com

http://secunia.com/advisories/62163