Severity
Medium
Analysis Summary
CVE-2025-20250 CVSS:6.1
A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user.
CVE-2025-20247 CVSS:6.1
A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user.
CVE-2025-20246 CVSS:6.1
A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user.
Impact
- Cross-Site Scripting
Indicators of Compromise
CVE
CVE-2025-20250
CVE-2025-20246
CVE-2025-20247
Affected Vendors
- Cisco
Affected Products
- Cisco Webex Meetings
Remediation
Refer to Cisco Security Advisory for patch, upgrade, or suggested workaround information.