VDB
CVE-2018-0390
CVE-2018-0390
PUBLISHED
CVSS 4.300000190734863 MEDIUM
A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software by using the HTTP POST method. An attacker who can submit malicious scripts to the affected user interface element could execute arbitrary script or HTML code in the user's browser in the context of the affected site. Cisco Bug IDs: CSCvj33287.
EPSS 0.21% · 43.5th percentile
Risk Scores
CVSS 2.0
4.300000190734863
EPSS Score
0.21%
43.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | webex_meetings | 2.0 |
| n/a | Cisco Webex unknown | Cisco Webex unknown |
Exploit Intelligence
Timeline
- Jul 18, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score