Cross-Site Scripting Vulnerability in Cisco Prime Infrastructure
CVE-2023-20257

4.8MEDIUM

Key Information:

Summary

A vulnerability exists within the web-based management interface of Cisco Prime Infrastructure, allowing authenticated remote attackers to exploit it through cross-site scripting techniques. This issue arises from inadequate validation of user inputs processed by the management interface. By injecting malicious script or HTML content into requests, an attacker can manipulate the application, resulting in cross-site scripting attacks that could impact other users. The potential exploitation of this vulnerability significantly raises security concerns for organizations relying on Cisco Prime Infrastructure.

Affected Version(s)

Cisco Evolved Programmable Network Manager (EPNM) 1.2.6

Cisco Evolved Programmable Network Manager (EPNM) 1.2.2

Cisco Evolved Programmable Network Manager (EPNM) 1.2.3

References

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.