CVE-2019-1680 — Vulnetix

CVE-2019-1680 PUBLISHED CVSS 4.300000190734863 MEDIUM

A vulnerability in Cisco Webex Business Suite could allow an unauthenticated, remote attacker to inject arbitrary text into a user's browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious URL. A successful exploit could allow the attacker to inject arbitrary text into the user's browser. The attacker could use the content injection to conduct spoofing attacks. Versions prior than 3.0.9 are affected.

EPSS 0.26% · 49.6th percentile

Risk Scores

CVSS 3.0

4.300000190734863

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS Score

0.26%

49.6th percentile

Affected Products

Vendor	Product	Versions
cisco	webex_business_suite	0
cisco	webex_meetings_online	0
Cisco	Cisco Webex Business Suite	unspecified

Exploit Intelligence

106939 (circl)
20190206 Cisco Webex Business Suite Content Injection Vulnerability (circl)

Timeline

Feb 6, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 28, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 1, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Sep 4, 2022 EPSS Score

References

106939 vdb
20190206 Cisco Webex Business Suite Content Injection Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2019-1680 advisory

Open in Interactive Console →