Cross-Site Scripting Vulnerability in Cisco TelePresence Management Suite
CVE-2025-20208

4.6MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Telepresence Management Suite (tms)
Vendor: CVE Published:; 5 March 2025

Badges

👾 Exploit Exists

Summary

A vulnerability exists in the web-based management interface of Cisco TelePresence Management Suite, allowing low-privileged remote attackers to launch cross-site scripting (XSS) attacks. This issue stems from insufficient input validation within the interface. By injecting malicious data into a specific field, an attacker may execute arbitrary script code or access sensitive browser-based information, compromising user security.

Affected Version(s)

Cisco TelePresence Management Suite (TMS) TMS_15.13.6

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Mar 5, 2025
Vulnerability published
Mar 5, 2025
Vulnerability Reserved
Oct 10, 2024