Cisco Systems released an updated patch for a critical vulnerability in its video and instant messaging platform Jabber, originally patched in September. The cross-site scripting bug could have allowed an adversary to execute arbitrary code by merely sending a specially-crafted chat message and compromise a target s system running the Jabber application. The flaw (CVE-2020-26085) has a CVSS score of 9.9 out of 10, making it critical in severity. The bug impacts Cisco Jabber for Windows, Jabber.
Source: https://threatpost.com/critical-cisco-jabber-bug-get-updated-fix/162143/