CVE-2026-20088 in Enterprise NFV Infrastructure Software
Sumário (Inglês)
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Responsável
cisco
Reservar
08/10/2025
Divulgação
01/04/2026
Estado
Confirmado
Inscrições
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidade | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 354727 | Cisco Enterprise NFV Infrastructure Software Web-based Management Script de Site Cruzado | 79 | Não definido | Correção oficial | CVE-2026-20088 |
Descrição
CPE
CWE
CVSS
Explorações
História
Diferença
Relacionar
Inteligência de ameaças
API JSON
API XML
API CSV