CVE-2026-20233
Analyzed - Analysis Complete
Reflected XSS in Cisco Webex Meetings

Publication date: 2026-06-03

Last updated on: 2026-06-08

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed. This vulnerability existed because of insufficient validation of user input. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
Meta Information
Published: 2026-06-03
Last Modified: 2026-06-08
Generated: 2026-06-24
AI Q&A: 2026-06-03
EPSS Evaluated: 2026-06-22
Affected Vendors & Products
Showing 56 associated CPEs
Vendor Product Version / Range
cisco webex_meetings 40.6.0
cisco webex_meetings 39.7.4
cisco webex_meetings 39.7.7
cisco webex_meetings 39.8.2
cisco webex_meetings 39.8.3
cisco webex_meetings 39.8.4
cisco webex_meetings 39.9.1
cisco webex_meetings 40.4.10
cisco webex_meetings 40.6.2
cisco webex_meetings 43.4.2
cisco webex_meetings 43.5.0
cisco webex_meetings 43.4.1
cisco webex_meetings 39.10.0
cisco webex_meetings 39.11.0
cisco webex_meetings 39.6.0
cisco webex_meetings 39.7.0
cisco webex_meetings 39.8.0
cisco webex_meetings 39.9.0
cisco webex_meetings 40.1.0
cisco webex_meetings 40.2.0
cisco webex_meetings 40.4.0
cisco webex_meetings 42.10.0
cisco webex_meetings 42.11.0
cisco webex_meetings 42.12.0
cisco webex_meetings 42.6.0
cisco webex_meetings 42.7.0
cisco webex_meetings 42.8.0
cisco webex_meetings 42.9.0
cisco webex_meetings 43.1.0
cisco webex_meetings 43.10.0
cisco webex_meetings 43.11.0
cisco webex_meetings 43.12.0
cisco webex_meetings 43.2.0
cisco webex_meetings 43.3.0
cisco webex_meetings 43.4.0
cisco webex_meetings 43.6.0
cisco webex_meetings 43.6.1
cisco webex_meetings 43.7.0
cisco webex_meetings 43.8.0
cisco webex_meetings 43.9.0
cisco webex_meetings 44.1.0
cisco webex_meetings 44.10.0
cisco webex_meetings 44.11.0
cisco webex_meetings 44.12.0
cisco webex_meetings 44.2.0
cisco webex_meetings 44.3.0
cisco webex_meetings 44.4.0
cisco webex_meetings 44.5.0
cisco webex_meetings 44.6.0
cisco webex_meetings 44.7.0
cisco webex_meetings 44.8.0
cisco webex_meetings 44.9.0
cisco webex_meetings 45.1.0
cisco webex_meetings 45.2.0
cisco webex_meetings 45.3.0
cisco webex_meetings 45.4.0
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Executive Summary

This vulnerability exists in the web-based user interface of Cisco Webex Meetings and is a cross-site scripting (XSS) flaw. It occurs because the application does not sufficiently validate user input. An unauthenticated, remote attacker could exploit this by tricking a user into clicking a malicious link, which would then allow the attacker to execute arbitrary script code in the user's browser or access sensitive information stored in the browser.

Compliance Impact

The vulnerability could have allowed an attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information due to insufficient validation of user input.

Such unauthorized access to sensitive information could potentially impact compliance with standards and regulations like GDPR or HIPAA, which require protection of personal and sensitive data.

However, Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed.

Impact Analysis

If exploited, this vulnerability could allow an attacker to run malicious scripts in the context of the victim's browser session. This could lead to unauthorized access to sensitive browser-based information or actions performed on behalf of the user without their consent. The impact includes potential data theft, session hijacking, or other malicious activities that compromise user security and privacy.

Mitigation Strategies

Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed.
