Cross-Site Scripting Vulnerability in Cisco BroadWorks Application Delivery Platform
CVE-2025-20211

6.1MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Broadworks
Vendor: CVE Published:; 19 February 2025

Badges

👾 Exploit Exists

Summary

A cross-site scripting vulnerability exists in the web-based management interface of Cisco BroadWorks Application Delivery Platform. This vulnerability arises from inadequate validation of user-supplied input, enabling an unauthenticated remote attacker to trick users into clicking specially crafted links. Successfully exploiting this vulnerability may allow the attacker to execute arbitrary script code within the context of the affected interface and potentially gain access to sensitive browser-based information. Organizations using this platform should prioritize mitigation measures to safeguard against such attacks.

Affected Version(s)

Cisco BroadWorks RI.2021.02

Cisco BroadWorks RI.2021.08

Cisco BroadWorks RI.2021.09

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

👾
Exploit known to exist
Feb 19, 2025
Vulnerability published
Feb 19, 2025
Vulnerability Reserved
Oct 10, 2024