| CVE | CVE-2023-20069 |
| CVE Title | |
| Published Date | 2023-03-03T16:15Z |
| Modified Date | 2023-03-10T14:50Z |
| CWE Type | CWE-79 |
| CVSS 3.x | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| Description | A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device. |
| References | |
| By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites. | |
| Reference URL | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-pi-epnm-xss-mZShH2J |
| Reference Description | CISCO 20230301 Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability |
| Reference Description | |
| Tags | Vendor Advisory |
| Sources | NIST MITRE |
