CVE-2026-20091Cross-site Scripting in Cisco Firepower Extensible Operating System

CWE-79Cross-site Scripting4 documents4 sources
Severity
4.8MEDIUMNVD
EPSS
0.0%
top 88.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Firepower Extensible Operating SystemCisco Secure Firewall Adaptive Security Appliance SoftwareCisco Unified Computing System
Timeline
PublishedFeb 25

Description

A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious data into specific pages of the interface. A successf

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages3 packages

CVEListV5cisco/cisco_unified_computing_system85 versions+84

🔴Vulnerability Details

2
CVEList
Cisco UCS Manager and FXOS Software Stored Cross-Site Scripting Vulnerability2026-02-25
GHSA
GHSA-4pqc-pmx6-jgc9: A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, remote attac2026-02-25

📋Vendor Advisories

1
Cisco
Cisco FXOS and UCS Manager Software Stored Cross-Site Scripting Vulnerability2026-02-25
CVE-2026-20091 — Cross-site Scripting in Cisco | cvebase