CVE-2023-20257

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by submitting malicious input containing script or HTML content within requests that would stored within the application interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks against other users of the affected application.

Published: Jan 17, 2024
Updated: Jan 25, 2024
CVE: CVE-2023-20257
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.8
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
cisco / prime_infrastructure	-	3.10.4
cisco / prime_infrastructure	3.10.4-update_1	3.10.4-update_1.x
cisco / prime_infrastructure	3.10.4	3.10.4.x
cisco / evolved_programmable_network_manager	-	7.1.1

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq

Vulnerability Database

289,598

CVE-2023-20257