Cybersecurity specialists report the detection of a severe vulnerability in Webex, the videoconferencing platform developed by Cisco. According to the report, successful exploitation of this flaw would allow threat actors to deploy cross-site scripting (XSS) attacks on affected systems.
Tracked as CVE-2021-34743, the flaw exists due to insufficient validation of the origin of HTTP requests in the Cisco Webex integration feature; remote threat actors could cause the target user to visit a website specially designed for the deployment of XSS attacks.
The flaw received a score of 5.3/10 according to the Common Vulnerability Scoring System (CVSS) and its successful exploitation would allow the total compromise of the affected system.
According to the report, the flaw resides in all versions of Webex and could be exploited by remote threat actors. Although no exploitation attempts have been detected, Cisco recommends that affected users update the application as soon as possible.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
