CVE-2023-20257

CWE-80 CWE-79 — Cross-site Scripting (XSS)CWE-284 — Improper Access Control CWE-89 — SQL Injection4 documents4 sources

Severity

4.8MEDIUM

EPSS

0.1%

top 81.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Evolved Programmable Network Manager Cisco Prime Infrastructure Cisco Cisco Evolved Programmable Network Manager (epnm)+1 more

Timeline

PublishedJan 17

Description

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by submitting malicious input containing script or HTML content within requests that would stored within the application interface. A successful exploit could allow the atta…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages4 packages

▶NVDcisco/prime_infrastructure< 3.10.4+1

▶CVEListV5cisco/cisco_prime_infrastructure143 versions+142

▶NVDcisco/evolved_programmable_network_manager< 7.1.1

▶CVEListV5cisco/cisco_evolved_programmable_network_manager_(epnm)92 versions+91

🔴Vulnerability Details

CVEList

CVE-2023-20257: A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-sit↗2024-01-17

▶

GHSA

GHSA-qxvp-mr53-fp4v: A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-sit↗2024-01-17

▶

📋Vendor Advisories

Cisco

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Vulnerabilities↗2024-01-10

▶