[CIVN-2025-0315] Cross-Site Scripting Vulnerability in CISCO

Published On: November 16, 2025

Cross-Site Scripting Vulnerability in CISCO 
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: MEDIUM
Systems Affected
Cisco Catalyst Center
Overview
A vulnerability has been reported in the web-based management interface of Cisco Catalyst Center that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device.
Target Audience: 
All IT administrators and individuals responsible for maintaining and updating Cisco Catalyst Center.
Risk Assessment:
High risk of data manipulation and service disruption.
Impact Assessment:
Potential impact on confidentiality, integrity, and availability of the system.
Description
This vulnerability exists due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a crafted link.
Successful exploitation of this vulnerability could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Solution
Apply the appropriate updates as mentioned in the Cisco advisory:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-xss-weXtVZ59
Vendor Information
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-xss-weXtVZ59
References
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-xss-weXtVZ59
CVE Name
CVE-2025-20353
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
