CVE Catalog

CVE-2026-20111

MediumCVSS 4.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

7th percentile - higher than 7% of all known CVEs

Summary

A vulnerability in the web-based management interface of Cisco Prime Infrastructure allows an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack against users of the interface. This is due to improper validation of user-supplied input.

Risk Assessment

An attacker could execute arbitrary script code in the context of the affected interface or access sensitive browser-based information, potentially compromising the confidentiality and integrity of the system.

Recommendation

Apply the security update provided by Cisco for Cisco Prime Infrastructure immediately. Until then, restrict access to the management interface to trusted administrators only.

Original NVD description (English source)

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS