Cross-Site Scripting Vulnerability in Cisco Prime Infrastructure
CVE-2023-20257
Summary
A vulnerability exists within the web-based management interface of Cisco Prime Infrastructure, allowing authenticated remote attackers to exploit it through cross-site scripting techniques. This issue arises from inadequate validation of user inputs processed by the management interface. By injecting malicious script or HTML content into requests, an attacker can manipulate the application, resulting in cross-site scripting attacks that could impact other users. The potential exploitation of this vulnerability significantly raises security concerns for organizations relying on Cisco Prime Infrastructure.
Affected Version(s)
Cisco Evolved Programmable Network Manager (EPNM) 1.2.6
Cisco Evolved Programmable Network Manager (EPNM) 1.2.2
Cisco Evolved Programmable Network Manager (EPNM) 1.2.3
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved