Stored XSS Vulnerability in Cisco Prime Infrastructure and EPNM Management Interfaces
CVE-2023-20203

5.4 MEDIUM

Summary

Multiple vulnerabilities exist in the web-based management interfaces of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) that allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerabilities arise from inadequate validation of user-supplied input, which lets an attacker store malicious HTML or script content in pages of the interface. To exploit them, an attacker must have valid credentials and must persuade a user to access the altered pages. A successful exploit could lead to the execution of arbitrary script code in the context of the affected interface, potentially exposing sensitive browser information.

Affected Version(s)

Cisco Evolved Programmable Network Manager (EPNM) 1.2.6

Cisco Evolved Programmable Network Manager (EPNM) 1.2.2

Cisco Evolved Programmable Network Manager (EPNM) 1.2.3

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
