CVE-2026-20085 in Enterprise NFV Infrastructure Software
摘要 (英语)
A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
负责
cisco
预定
2025-10-08
披露
2026-04-01
状态
已确认
条目
VulDB provides additional information and datapoints for this CVE:
| 标识符 | 漏洞 | CWE | 可利用 | 对策 | CVE |
|---|---|---|---|---|---|
| 354725 | Cisco Enterprise NFV Infrastructure Software Web-based Management 跨网站脚本 | 79 | 未定义 | 官方修复 | CVE-2026-20085 |