CVE-2025-20342: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Cisco Unified Computing System

Severity
5.4 MEDIUM (NVD)
EPSS
0.0%
top 91.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Aug 27

Description

A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into a

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7

Affected Packages: 2 packages

🔴 Vulnerability Details

2
CVEList
Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability (2025-08-27)
GHSA
GHSA-885p-4w28-xgr6: A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authen (2025-08-27)

📋 Vendor Advisories

1
Cisco
Cisco Integrated Management Controller Virtual Keyboard Video Monitor Stored Cross-Site Scripting Vulnerability (2025-08-27)