Stored Cross-Site Scripting Vulnerability in Cisco Prime Infrastructure
CVE-2026-20111

4.8MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Prime Infrastructure
Vendor: CVE Published:; 4 February 2026

Badges

👾 Exploit Exists

What is CVE-2026-20111?

A stored cross-site scripting vulnerability exists within the web-based management interface of Cisco Prime Infrastructure. This security issue arises from inadequate validation of user input, allowing authenticated remote attackers with valid administrative credentials to inject malicious scripts. By exploiting this vulnerability, attackers can execute arbitrary JavaScript code within user sessions, potentially leading to unauthorized access to sensitive browser-based information. Users of affected systems should ensure that they apply necessary mitigations and updates as outlined in Cisco's advisory.

Affected Version(s)

Cisco Prime Infrastructure 3.0.0

Cisco Prime Infrastructure 3.1.0

Cisco Prime Infrastructure 3.1.5

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Feb 4, 2026
Vulnerability published
Feb 4, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20111 Data

JSON