XSS in Cisco Webex_social

CVE-2013-1244

Cross-site scripting (XSS) vulnerability in the portal module in Cisco WebEx Social allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL in the link field in a post, aka Bug ID CSCue67199.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (40.1th percentile) — read the EPSS interpretation.

Affected products

Cisco Webex_social
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

20130514 WebEx Social Allows JavaScript URLs in Links Attached to Posts (x_refsource_CISCO, vendor-advisory, Vendor Advisory)