1. 14
  1.  

  2. 3

    Reading the ticket, the “fix” still allows RCE if an attacker can find a single XSS on *.webex.com, which encompasses thousands of domains. Sigh…