How severe is CVE-2021-1221?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.1 out of 10.

What type of vulnerability is CVE-2021-1221?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2021-1221 - MEDIUM Severity | CVSS 4.1

Vulnerability Description

A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user interface. A successful exploit could allow the attacker to generate a Webex Meetings invitation email that contains a link to a destination of their choosing. Because this email is sent from a trusted source, the recipient may be more likely to click the link.

Related Vulnerabilities

CVE-2016-8017

MEDIUM

CVSS:4.1(Medium)

Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user ...

CWE-202016

CVE-2020-3501

MEDIUM

CVSS:4.1(Medium)

Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerab...

CWE-202020

CVE-2020-3502

MEDIUM

CVSS:4.1(Medium)

CWE-202020

CVE-2021-29770

MEDIUM

CVSS:4.1(Medium)

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 202771.

CWE-202021

CVE-2024-21304

MEDIUM

CVSS:4.1(Medium)

Trusted Compute Base Elevation of Privilege Vulnerability

CWE-202024

CVE-2024-41849

MEDIUM

CVSS:4.1(Medium)

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. An low-privileged attacker could leverage ...

CWE-202024