CVE-2026-20090 in Enterprise NFV Infrastructure Softwareinfo

Zusammenfassung (Englisch)

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.

This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Zuständig

cisco

Reservieren

08.10.2025

Veröffentlichung

01.04.2026

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

IDSchwachstelleCWEAusMasCVE
354729Cisco Enterprise NFV Infrastructure Software Web-based Management Cross Site Scripting79Nicht definiertOffizieller FixCVE-2026-20090

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

ZurückÜbersichtWeiter

Do you need the next level of professionalism?

Upgrade your account now!