Description

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials.

PUBLISHED | Reserved 2025-10-08 | Published 2026-02-04 | Updated 2026-02-04 | Assigner cisco




MEDIUM: 4.8 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Problem types

Use of Hard-coded Credentials

Product status

Default status
unknown

3.0.0
affected

3.1.0
affected

3.1.5
affected

2.1
affected

2.0.0
affected

3.6.0
affected

3.7.0
affected

3.4.0
affected

3.3.0
affected

3.2
affected

3.5.0
affected

3.2.0-FIPS
affected

2.2
affected

3.8.0-FED
affected

3.9.0
affected

3.8.0
affected

3.10.0
affected

3.1.1
affected

2.1.2
affected

2.2.1
affected

2.2.0
affected

3.0.2
affected

3.0.3
affected

3.0.1
affected

2.2.2
affected

2.2.3
affected

2.1.0
affected

2.1.1
affected

3.9.1
affected

2.0.10
affected

3.8.1
affected

3.7.1
affected

3.5.1
affected

3.4.2
affected

3.3.1
affected

3.1.7
affected

3.2.1
affected

3.2.2
affected

3.1.6
affected

3.1.2
affected

3.4.1
affected

3.1.3
affected

3.1.4
affected

3.0.6
affected

2.2.10
affected

3.0.4
affected

3.0.5
affected

2.1.56
affected

2.2.4
affected

2.2.9
affected

2.2.8
affected

2.2.5
affected

2.2.7
affected

2.0.39
affected

3.8_DP1
affected

3.9_DP1
affected

3.7_DP2
affected

3.6_DP1
affected

3.5_DP4
affected

3.5_DP2
affected

3.4_DP10
affected

3.7_DP1
affected

3.5_DP3
affected

3.4_DP11
affected

3.5_DP1
affected

3.4_DP8
affected

3.4_DP1
affected

3.4_DP3
affected

3.4_DP5
affected

3.4_DP2
affected

3.4_DP7
affected

3.4_DP6
affected

3.3_DP4
affected

3.4_DP4
affected

3.4_DP9
affected

3.1_DP16
affected

3.3_DP2
affected

3.3_DP3
affected

3.1_DP15
affected

3.3_DP1
affected

3.1_DP13
affected

3.2_DP2
affected

3.2_DP1
affected

3.2_DP3
affected

3.1_DP14
affected

3.2_DP4
affected

3.1_DP7
affected

3.1_DP10
affected

3.1_DP11
affected

3.1_DP4
affected

3.1_DP6
affected

3.1_DP12
affected

3.1_DP5
affected

3.0.7
affected

3.1_DP9
affected

3.1_DP8
affected

3.10_DP1
affected

3.10.2
affected

3.10.3
affected

3.10
affected

3.10.1
affected

3.7.1 Update 03
affected

3.7.1 Update 04
affected

3.7.1 Update 06
affected

3.7.1 Update 07
affected

3.8.1 Update 01
affected

3.8.1 Update 02
affected

3.8.1 Update 03
affected

3.8.1 Update 04
affected

3.9.1 Update 01
affected

3.9.1 Update 02
affected

3.9.1 Update 03
affected

3.9.1 Update 04
affected

3.10 Update 01
affected

3.4.2 Update 01
affected

3.6.0 Update 04
affected

3.6.0 Update 02
affected

3.6.0 Update 03
affected

3.6.0 Update 01
affected

3.5.1 Update 03
affected

3.5.1 Update 01
affected

3.5.1 Update 02
affected

3.7.0 Update 03
affected

2.2.3 Update 05
affected

2.2.3 Update 04
affected

2.2.3 Update 06
affected

2.2.3 Update 03
affected

2.2.3 Update 02
affected

2.2.1 Update 01
affected

2.2.2 Update 03
affected

2.2.2 Update 04
affected

3.8.0 Update 01
affected

3.8.0 Update 02
affected

3.7.1 Update 01
affected

3.7.1 Update 02
affected

3.7.1 Update 05
affected

3.9.0 Update 01
affected

3.3.0 Update 01
affected

3.4.1 Update 02
affected

3.4.1 Update 01
affected

3.5.0 Update 03
affected

3.5.0 Update 01
affected

3.5.0 Update 02
affected

3.10.4
affected

3.10.4 Update 01
affected

3.10.4 Update 02
affected

3.10.4 Update 03
affected

3.10.5
affected

3.10.6
affected

3.10.6 Update 01
affected

References

sec.cloudapps.cisco.com/...yAdvisory/cisco-sa-pi-xss-bYeVKCD (cisco-sa-pi-xss-bYeVKCD)

cve.org (CVE-2026-20111)

nvd.nist.gov (CVE-2026-20111)