CVE-2025-20147 | THREATINT

Description

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a stored cross-site scripting attack (XSS) on an affected system.  This vulnerability is due to improper sanitization of user input to the web-based management interface. An attacker could exploit this vulnerability by submitting a malicious script through the interface. A successful exploit could allow the attacker to conduct a stored XSS attack on the affected system.

PUBLISHED Reserved 2024-10-10 | Published 2025-05-07 | Updated 2025-05-07 | Assigner cisco

MEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status

unknown

20.1.12

affected

19.2.1

affected

18.4.4

affected

18.4.5

affected

20.1.1.1

affected

20.1.1

affected

19.3.0

affected

19.2.2

affected

19.2.099

affected

18.3.6

affected

18.3.7

affected

19.2.0

affected

18.3.8

affected

19.0.0

affected

19.1.0

affected

18.4.302

affected

18.4.303

affected

19.2.097

affected

19.2.098

affected

17.2.10

affected

18.3.6.1

affected

19.0.1a

affected

18.2.0

affected

18.4.3

affected

18.4.1

affected

17.2.8

affected

18.3.3.1

affected

18.4.0

affected

18.3.1

affected

17.2.6

affected

17.2.9

affected

18.3.4

affected

17.2.5

affected

18.3.1.1

affected

18.3.5

affected

18.4.0.1

affected

18.3.3

affected

17.2.7

affected

17.2.4

affected

18.3.0

affected

19.2.3

affected

18.4.501_ES

affected

20.3.1

affected

20.1.2

affected

19.2.929

affected

19.2.31

affected

20.3.2

affected

19.2.32

affected

20.3.2_925

affected

20.3.2.1

affected

20.3.2.1_927

affected

18.4.6

affected

20.1.2_937

affected

20.4.1

affected

20.3.2_928

affected

20.3.2_929

affected

20.4.1.0.1

affected

20.3.2.1_930

affected

19.2.4

affected

20.5.0.1.1

affected

20.4.1.1

affected

20.3.3

affected

19.2.4.0.1

affected

20.3.2_937

affected

20.3.3.1

affected

20.5.1

affected

20.1.3

affected

20.3.3.0.4

affected

20.3.3.1.2

affected

20.3.3.1.1

affected

20.4.1.2

affected

20.3.3.0.2

affected

20.4.1.1.5

affected

20.4.1.0.01

affected

20.4.1.0.02

affected

20.3.3.1.7

affected

20.3.3.1.5

affected

20.5.1.0.1

affected

20.3.3.1.10

affected

20.3.3.0.8

affected

20.4.2

affected

20.4.2.0.1

affected

20.3.4

affected

20.3.3.0.14

affected

19.2.4.0.8

affected

19.2.4.0.9

affected

20.3.4.0.1

affected

20.3.2.0.5

affected

20.6.1

affected

20.5.1.0.2

affected

20.3.3.0.17

affected

20.6.1.1

affected

20.6.0.18.3

affected

20.3.2.0.6

affected

20.6.0.18.4

affected

20.4.2.0.2

affected

20.3.3.0.16

affected

20.3.4.0.5

affected

20.6.1.0.1

affected

20.3.4.0.6

affected

20.6.2

affected

20.7.1EFT2

affected

20.3.4.0.9

affected

20.3.4.0.11

affected

20.4.2.0.4

affected

20.3.3.0.18

affected

20.7.1

affected

20.6.2.1

affected

20.3.4.1

affected

20.5.1.1

affected

20.4.2.1

affected

20.4.2.1.1

affected

20.3.4.1.1

affected

20.3.813

affected

20.3.4.0.19

affected

20.4.2.2.1

affected

20.5.1.2

affected

20.3.4.2

affected

20.3.814

affected

20.4.2.2

affected

20.6.2.2

affected

20.3.4.2.1

affected

20.7.1.1

affected

20.3.4.1.2

affected

20.6.2.2.2

affected

20.3.4.0.20

affected

20.6.2.2.3

affected

20.4.2.2.2

affected

20.3.5

affected

20.6.2.0.4

affected

20.4.2.2.3

affected

20.3.4.0.24

affected

20.6.2.2.7

affected

20.6.3

affected

20.3.4.2.2

affected

20.4.2.2.4

affected

20.7.1.0.2

affected

20.8.1

affected

20.3.5.0.8

affected

20.3.5.0.9

affected

20.4.2.2.8

affected

20.3.5.0.7

affected

20.6.3.0.7

affected

20.6.3.0.5

affected

20.6.3.0.10

affected

20.6.3.0.2

affected

20.7.2

affected

20.9.1EFT2

affected

20.6.3.0.11

affected

20.6.3.1

affected

20.6.3.0.14

affected

20.6.4

affected

20.9.1

affected

20.6.3.0.19

affected

20.6.3.0.18

affected

20.3.6

affected

20.9.1.1

affected

20.6.3.0.23

affected

20.6.4.0.4

affected

20.6.3.0.25

affected

20.6.5

affected

20.6.3.0.27

affected

20.9.2

affected

20.9.2.1

affected

20.6.3.0.29

affected

20.6.3.0.31

affected

20.6.3.0.32

affected

20.10.1

affected

20.6.3.0.33

affected

20.9.2.0.01

affected

20.9.1_LI_Images

affected

20.10.1_LI_Images

affected

20.9.2_LI_Images

affected

20.3.7

affected

20.9.3

affected

20.6.5.1

affected

20.11.1

affected

20.11.1_LI_Images

affected

20.9.3_LI_ Images

affected

20.6.3.1.1

affected

20.9.3.0.2

affected

20.6.5.1.2

affected

20.9.3.0.3

affected

20.4.2.3

affected

20.6.3.2

affected

20.6.4.1

affected

20.6.3.0.38

affected

20.6.3.0.39

affected

20.3.5.1

affected

20.3.4.3

affected

20.9.3.1

affected

20.3.3.2

affected

20.6.5.2

affected

20.3.7.1

affected

20.10.1.1

affected

20.6.5.2.1

affected

20.3.4.0.25

affected

20.6.2.2.4

affected

20.6.1.2

affected

20.11.1.1

affected

20.9.3.0.5

affected

20.3.4.0.26

affected

20.6.5.1.3

affected

20.6.3.0.40

affected

20.1.3.1

affected

20.9.2.2

affected

20.6.5.2.3

affected

20.6.5.1.4

affected

20.6.5.3

affected

20.6.3.0.41

affected

20.9.3.0.7

affected

20.6.5.1.5

affected

20.9.3.0.4

affected

20.6.4.0.19

affected

20.6.5.1.6

affected

20.9.3.0.8

affected

20.6.3.3

affected

20.3.7.2

affected

20.6.5.4

affected

20.6.5.1.7

affected

20.9.3.0.12

affected

20.6.4.2

affected

20.6.5.5

affected

20.9.3.2

affected

20.11.1.2

affected

20.6.3.4

affected

20.10.1.2

affected

20.6.5.1.9

affected

20.9.3.0.16

affected

20.6.3.0.45

affected

20.6.5.1.10

affected

20.9.3.0.17

affected

20.6.5.2.4

affected

20.6.4.0.21

affected

20.9.3.0.18

affected

20.6.3.0.46

affected

20.6.3.0.47

affected

20.9.2.3

affected

20.9.3.2_LI_Images

affected

20.9.3.0.21

affected

20.9.3.0.20

affected

20.9.4_LI_Images

affected

20.9.4

affected

20.6.5.1.11

affected

20.12.1

affected

20.12.1_LI_Images

affected

20.6.5.1.13

affected

20.9.3.0.23

affected

20.6.5.2.8

affected

20.9.4.1

affected

20.9.4.1_LI_Images

affected

20.9.3.0.25

affected

20.9.3.0.24

affected

20.6.5.1.14

affected

20.3.8

affected

20.6.6

affected

20.9.3.0.26

affected

20.6.3.0.51

affected

20.9.3.0.29

affected

20.12.2

affected

20.12.2_LI_Images

affected

20.6.6.0.1

affected

20.9.4.0.4

affected

20.9.4.1.1

affected

20.9.5

affected

20.9.5_LI_Images

affected

20.12.3_LI_Images

affected

20.12.3

affected

20.9.4.1.3

affected

20.6.7

affected

20.9.5.1

affected

20.9.5.1_LI_Images

affected

20.9.4.1.6

affected

20.9.5.2

affected

20.9.5.2.1

affected

20.9.5.2_LI_Images

affected

20.12.3.1

affected

20.12.4

affected

20.9.5.1.4

affected

20.9.5.2.7

affected

20.9.5.2.13

affected

20.9.6

affected

20.9.6_LI_Images

affected

20.9.5.2.14

affected

20.6.8

affected

20.12.4.0.03

affected

20.12.4_LI_Images

affected

20.9.5.2.16

affected

20.12.4.0.4

affected

20.12.401

affected

20.9.5.3

affected

20.9.5.3_LI_Images

affected

20.12.4.1_LI_Images

affected

20.12.4.1

affected

20.9.5.2.21

affected

20.9.6.0.3

affected

20.12.4.0.6

affected

References

sec.cloudapps.cisco.com/...ory/cisco-sa-vmanage-xss-xhN8M5jt (cisco-sa-vmanage-xss-xhN8M5jt)

cve.org (CVE-2025-20147)

nvd.nist.gov (CVE-2025-20147)

Download JSON