CVE-2026-20111
MediumCVSS 4.8Exploitation Probability (EPSS)
Low risk7th percentile - higher than 7% of all known CVEs
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure allows an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack against users of the interface. This is due to improper validation of user-supplied input.
Risk Assessment
An attacker could execute arbitrary script code in the context of the affected interface or access sensitive browser-based information, potentially compromising the confidentiality and integrity of the system.
Recommendation
Apply the security update provided by Cisco for Cisco Prime Infrastructure immediately. Until then, restrict access to the management interface to trusted administrators only.
Original NVD description (English source)
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials.

