Magic WebEx URL allows arbitrary RCE | Lobsters

14

Magic WebEx URL allows arbitrary RCE security bugs.chromium.org
via kb 6 years ago | archive
Archive.org Archive.today Ghostarchive
| 1 comment

1

3

kb 6 years ago | link

Reading the ticket, the “fix” still allows RCE if an attacker can find a single XSS on *.webex.com, which encompasses thousands of domains. Sigh…