CVE-2025-20353 | THREATINT

Description

A vulnerability in the web-based management interface of Cisco Catalyst Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

PUBLISHED Reserved 2024-10-10 | Published 2025-11-13 | Updated 2025-11-13 | Assigner cisco

MEDIUM: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status

unknown

2.1.1.0

affected

2.1.1.3

affected

2.1.2.0

affected

2.1.2.3

affected

2.1.2.4

affected

2.1.2.5

affected

2.2.1.0

affected

2.1.2.6

affected

2.2.2.0

affected

2.2.2.1

affected

2.2.2.3

affected

2.1.2.7

affected

2.2.1.3

affected

2.2.3.0

affected

2.2.2.4

affected

2.2.2.5

affected

2.2.3.3

affected

2.2.2.7

affected

2.2.2.6

affected

2.2.2.8

affected

2.2.3.4

affected

2.1.2.8

affected

2.3.2.1

affected

2.3.2.1-AIRGAP

affected

2.3.2.1-AIRGAP-CA

affected

2.2.3.5

affected

2.3.3.0

affected

2.3.3.3

affected

2.3.3.1-AIRGAP

affected

2.3.3.1

affected

2.3.2.3

affected

2.3.3.3-AIRGAP

affected

2.2.3.6

affected

2.2.2.9

affected

2.3.3.0-AIRGAP

affected

2.3.3.3-AIRGAP-CA

affected

2.3.3.4

affected

2.3.3.4-AIRGAP

affected

2.3.3.4-AIRGAP-MDNAC

affected

2.3.3.4-HF1

affected

2.3.4.0

affected

2.3.3.5

affected

2.3.3.5-AIRGAP

affected

2.3.4.0-AIRGAP

affected

2.3.4.3

affected

2.3.4.3-AIRGAP

affected

2.3.3.6

affected

2.3.5.0

affected

2.3.3.6-AIRGAP

affected

2.3.5.0-AIRGAP

affected

2.3.3.6-AIRGAP-MDNAC

affected

2.3.5.0-AIRGAP-MDNAC

affected

2.3.3.7

affected

2.3.3.7-AIRGAP

affected

2.3.3.7-AIRGAP-MDNAC

affected

2.3.6.0

affected

2.3.3.6-70045-HF1

affected

2.3.3.7-72328-AIRGAP

affected

2.3.3.7-72323

affected

2.3.3.7-72328-MDNAC

affected

2.3.5.3

affected

2.3.5.3-AIRGAP-MDNAC

affected

2.3.5.3-AIRGAP

affected

2.3.6.0-AIRGAP

affected

2.3.7.0

affected

2.3.7.0-AIRGAP

affected

2.3.7.0-AIRGAP-MDNAC

affected

2.3.5.4

affected

2.3.5.4-AIRGAP

affected

2.3.5.4-AIRGAP-MDNAC

affected

2.3.7.3

affected

2.3.7.3-AIRGAP

affected

2.3.7.3-AIRGAP-MDNAC

affected

2.3.5.5-AIRGAP

affected

2.3.5.5

affected

2.3.5.5-AIRGAP-MDNAC

affected

2.3.7.4

affected

2.3.7.4-AIRGAP

affected

2.3.7.4-AIRGAP-MDNAC

affected

2.3.7.5-AIRGAP

affected

2.3.5.6-AIRGAP

affected

2.3.5.6

affected

2.3.5.6-AIRGAP-MDNAC

affected

2.3.7.6-AIRGAP

affected

2.3.7.6

affected

2.3.5.5-70026-HF70

affected

2.3.5.5-70026-HF51

affected

2.3.5.6-70143-HF20

affected

2.3.7.6-AIRGAP-MDNAC

affected

2.3.5.5-70026-HF52

affected

2.3.5.5-70026-HF53

affected

2.3.5.5-70026-HF71

affected

2.3.7.7

affected

2.3.7.7-AIRGAP

affected

2.3.7.7-AIRGAP-MDNAC

affected

2.3.5.5-70026-HF72

affected

2.3.7.9

affected

2.3.7.9-AIRGAP

affected

2.3.7.9-AIRGAP-MDNAC

affected

2.3.7.9-70301-GSMU10

affected

2.3.7.9-70301-SMU1

affected

2.3.7.9-75403-SMU10

affected

2.3.7.9-75403-GSMU10

affected

2.3.5.3-EULA

affected

References

sec.cloudapps.cisco.com/...visory/cisco-sa-dnac-xss-weXtVZ59 (cisco-sa-dnac-xss-weXtVZ59)

cve.org (CVE-2025-20353)

nvd.nist.gov (CVE-2025-20353)

Download JSON