Vulnerability Details CVE-2018-15436
A vulnerability in the web-based management interface of Cisco Webex Events Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.1%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/bid/105557
- http://www.securitytracker.com/id/1041793
- http://www.securitytracker.com/id/1041794
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-xss
- http://www.securityfocus.com/bid/105557
- http://www.securitytracker.com/id/1041793
- http://www.securitytracker.com/id/1041794
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-xss
Products affected by CVE-2018-15436
-
cpe:2.3:a:cisco:webex_business_suite_31:31.29.2
-
cpe:2.3:a:cisco:webex_business_suite_31:31.30
-
cpe:2.3:a:cisco:webex_business_suite_31:t31.16
-
cpe:2.3:a:cisco:webex_business_suite_31:t31.17
-
cpe:2.3:a:cisco:webex_business_suite_31:t31.17.2
-
cpe:2.3:a:cisco:webex_business_suite_31:t31.17.5
-
cpe:2.3:a:cisco:webex_business_suite_31:t31.18
-
cpe:2.3:a:cisco:webex_business_suite_31:t31.19
-
cpe:2.3:a:cisco:webex_business_suite_31:t31.20
-
cpe:2.3:a:cisco:webex_business_suite_31:t31.20.2
-
cpe:2.3:a:cisco:webex_business_suite_31:t31.21
-
cpe:2.3:a:cisco:webex_business_suite_31:t31.22
-
cpe:2.3:a:cisco:webex_business_suite_31:t31.23
-
cpe:2.3:a:cisco:webex_business_suite_31:t31.23.2
-
cpe:2.3:a:cisco:webex_business_suite_31:t32.12
-
cpe:2.3:a:cisco:webex_business_suite_32:32.17.2
-
cpe:2.3:a:cisco:webex_business_suite_32:t31.23.4
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.0
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.1
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.10
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.2
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.3
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.3.2
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.4
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.4.3
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.5
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.5.2
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.5.3
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.5.4
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.6
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.6.4
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.6.5
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.6.6
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.7
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.7.1
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.7.5
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.8
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.8.2
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.8.3
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.8.4
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.9
-
cpe:2.3:a:cisco:webex_business_suite_32:t32.9.3
-
cpe:2.3:a:cisco:webex_business_suite_33:33.4.3
-
cpe:2.3:a:cisco:webex_business_suite_33:33.5
-
cpe:2.3:a:cisco:webex_business_suite_33:33.6
-
cpe:2.3:a:cisco:webex_meetings_online:t33.4.0