CVE-2022-20654: 
Cisco Webex Meetings vulnerability analysis and mitigation

A vulnerability (CVE-2022-20654) was discovered in the web-based interface of Cisco Webex Meetings that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against users of the web-based interface. The vulnerability was disclosed on January 19, 2022, affecting the cloud-based Cisco Webex Meetings platform (Cisco Advisory).

The vulnerability stems from insufficient validation of user-supplied input by the web-based interface of Cisco Webex Meetings. The vulnerability has been assigned a CVSS base score of 6.1 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X. The vulnerability is categorized under CWE-80, relating to cross-site scripting issues (Cisco Advisory).

A successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. The attack requires user interaction, as the victim needs to click on a maliciously crafted link (Cisco Advisory).

Cisco has released software updates for the cloud-based Webex Meetings platform that address this vulnerability. No user action is required as the fix is implemented on the cloud platform. There are no workarounds available for this vulnerability. Customers requiring additional information are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers (Cisco Advisory).