Cross-Site Scripting Vulnerability in Cisco Prime Infrastructure and Evolved Programmable Network Manager
CVE-2023-20222

6.1 MEDIUM

Summary

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) allows an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability arises from inadequate validation of user-supplied input within the interface. An attacker can exploit it by injecting malicious script into specific pages of the interface, which then runs as arbitrary script code in the browser in the context of the user's session. As a result, sensitive information stored in the browser of a user of the affected systems may be exposed.

Affected Version(s)

Cisco Evolved Programmable Network Manager (EPNM)

Cisco Prime Infrastructure 2.0.0

Cisco Prime Infrastructure 2.0.10

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved