ByteOS Network

CVE Vulnerability Details :

CVE-2026-20149

PUBLISHED

More Info Official Page

Assigner-cisco

Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633

Published At-04 Mar, 2026 | 17:24

Updated At-04 Mar, 2026 | 17:24

▼CVE Numbering Authority (CNA)

A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability, and no customer action is needed. This vulnerability was due to improper filtering of user-supplied input. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to conduct an XSS attack against the targeted user.

Affected Products

Vendor

Cisco Systems, Inc.

Product

Cisco Webex Meetings

Versions

Affected

Problem Types

Type	CWE ID	Description
cwe	CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: cwe

CWE ID: CWE-79

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Version: 3.1

Base score: 6.1

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

References

Hyperlink	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-TZFTbbwN	N/A

Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-TZFTbbwN

Resource: N/A

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References