CVE-2026-20089 in Enterprise NFV Infrastructure Software
Resumen (Inglés)
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Responsable
cisco
Reservar
2025-10-08
Divulgación
2026-04-01
Estado
Confirmado
Voces
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidad | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 354728 | Cisco Enterprise NFV Infrastructure Software Web-based Management secuencias de comandos en sitios cruzados | 79 | No está definido | Arreglo oficial | CVE-2026-20089 |
Descripción
CPE
CWE
CVSS
Hazañas
Historia
Diferencia
Relacionar
Inteligencia de amenazas
API JSON
API XML
API CSV