Description
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Reserved 2024-10-10 | Published 2025-04-02 | Updated 2025-04-02 | Assigner cisco
MEDIUM: 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Problem types
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Product status
2.0.0
affected
2.0.10
affected
2.0.39
affected
2.1.0
affected
2.1.1
affected
2.1.2
affected
2.1.56
affected
2.2.0
affected
2.2.1
affected
2.2.2
affected
2.2.3
affected
2.2.10
affected
2.2.8
affected
2.2.4
affected
2.2.7
affected
2.2.5
affected
2.2.9
affected
2.2.1 Update 01
affected
2.2.2 Update 03
affected
2.2.2 Update 04
affected
2.2.3 Update 02
affected
2.2.3 Update 03
affected
2.2.3 Update 04
affected
2.2.3 Update 05
affected
2.2.3 Update 06
affected
3.0.0
affected
3.0.1
affected
3.0.2
affected
3.0.3
affected
3.0.4
affected
3.0.6
affected
3.0.5
affected
3.0.7
affected
3.1.0
affected
3.1.1
affected
3.1.7
affected
3.1.5
affected
3.1.2
affected
3.1.3
affected
3.1.4
affected
3.1.6
affected
3.2.2
affected
3.2.0-FIPS
affected
3.2.1
affected
3.3.0
affected
3.3.1
affected
3.3.0 Update 01
affected
3.4.0
affected
3.4.1
affected
3.4.2
affected
3.4.1 Update 01
affected
3.4.1 Update 02
affected
3.4.2 Update 01
affected
3.5.0
affected
3.5.1
affected
3.5.0 Update 01
affected
3.5.0 Update 02
affected
3.5.0 Update 03
affected
3.5.1 Update 01
affected
3.5.1 Update 02
affected
3.5.1 Update 03
affected
3.6.0
affected
3.6.0 Update 01
affected
3.6.0 Update 02
affected
3.6.0 Update 03
affected
3.6.0 Update 04
affected
2.1
affected
2.2
affected
3.2
affected
3.4_DP1
affected
3.4_DP3
affected
3.4_DP2
affected
3.5_DP1
affected
3.4_DP7
affected
3.4_DP10
affected
3.4_DP5
affected
3.1_DP15
affected
3.4_DP11
affected
3.4_DP8
affected
3.7_DP1
affected
3.3_DP4
affected
3.10_DP1
affected
3.8_DP1
affected
3.7_DP2
affected
3.6_DP1
affected
3.1_DP16
affected
3.5_DP4
affected
3.3_DP3
affected
3.2_DP2
affected
3.4_DP4
affected
3.1_DP14
affected
3.1_DP6
affected
3.1_DP9
affected
3.4_DP6
affected
3.2_DP3
affected
3.4_DP9
affected
3.3_DP2
affected
3.2_DP1
affected
3.1_DP10
affected
3.9_DP1
affected
3.3_DP1
affected
3.1_DP13
affected
3.5_DP2
affected
3.1_DP12
affected
3.1_DP4
affected
3.5_DP3
affected
3.1_DP8
affected
3.1_DP7
affected
3.2_DP4
affected
3.1_DP11
affected
3.1_DP5
affected
3.7.0
affected
3.7.1
affected
3.7.1 Update 04
affected
3.7.1 Update 06
affected
3.7.1 Update 07
affected
3.7.1 Update 03
affected
3.7.0 Update 03
affected
3.7.1 Update 01
affected
3.7.1 Update 02
affected
3.7.1 Update 05
affected
3.8.0
affected
3.8.1
affected
3.8.1 Update 02
affected
3.8.1 Update 04
affected
3.8.1 Update 01
affected
3.8.1 Update 03
affected
3.8.0 Update 01
affected
3.8.0 Update 02
affected
3.9.0
affected
3.9.1
affected
3.9.1 Update 02
affected
3.9.1 Update 03
affected
3.9.1 Update 01
affected
3.9.1 Update 04
affected
3.9.0 Update 01
affected
3.10.0
affected
3.10.3
affected
3.10.1
affected
3.10.2
affected
3.10 Update 01
affected
3.10.4
affected
3.10.4 Update 01
affected
3.10.4 Update 02
affected
3.10.4 Update 03
affected
3.10.5
affected
3.10.6
affected
1.2.6
affected
1.2.2
affected
1.2.3
affected
1.2.5
affected
1.2.1.2
affected
1.2.4
affected
1.2.7
affected
1.2
affected
1.2.2.4
affected
1.2.4.2
affected
2.0.2
affected
2.0.4
affected
2.0.3
affected
2.0.1
affected
2.0
affected
2.0.1.1
affected
2.0.2.1
affected
2.0.4.1
affected
2.0.4.2
affected
2.1.2
affected
2.1.3
affected
2.1.1
affected
2.1
affected
2.1.1.1
affected
2.1.1.3
affected
2.1.1.4
affected
2.1.2.2
affected
2.1.2.3
affected
2.1.3.2
affected
2.1.3.3
affected
2.1.3.4
affected
2.1.3.5
affected
2.1.4
affected
2.2.1
affected
2.2
affected
2.2.1.1
affected
2.2.1.2
affected
2.2.1.3
affected
2.2.1.4
affected
2.2.3
affected
2.2.4
affected
2.2.5
affected
3.0.1
affected
3.0.2
affected
3.0.3
affected
3.0
affected
3.1.1
affected
3.1.2
affected
3.1.3
affected
3.1
affected
4.1.1
affected
4.1
affected
4.1.1.1
affected
4.1.1.2
affected
4.0.3
affected
4.0.1
affected
4.0.2
affected
4.0
affected
4.0.3.1
affected
5.0.1
affected
5.0.2
affected
5.0.2.5
affected
5.0.2.3
affected
5.0.2.4
affected
5.0.2.1
affected
5.0.2.2
affected
5.0
affected
5.0.2.6
affected
5.1.1
affected
5.1.2
affected
5.1.3
affected
5.1.4
affected
5.1.4.2
affected
5.1.4.1
affected
5.1.4.3
affected
5.1
affected
5.1.3.1
affected
5.1.3.2
affected
5.1.4.4
affected
7.0.0
affected
7.0.1.3
affected
7.0.1.1
affected
7.0.1.2
affected
7.0.1
affected
6.0.0
affected
6.0.2
affected
6.0.1
affected
6.0.2.1
affected
6.0.1.1
affected
6.0.3
affected
6.0.3.1
affected
6.1.1
affected
6.1.1.1
affected
6.1
affected
6.1.2
affected
6.1.1.2.2
affected
6.1.2.1
affected
6.1.2.2
affected
7.1.0
affected
7.1.3
affected
7.1.2.1
affected
7.1.2
affected
7.1.1
affected
References
sec.cloudapps.cisco.com/...ory/cisco-sa-epnmpi-sxss-GSScPGY4 (cisco-sa-epnmpi-sxss-GSScPGY4)
cve.org (CVE-2025-20120)
nvd.nist.gov (CVE-2025-20120)