—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Cross-Site Scripting Vulnerability in CISCO 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: MEDIUM

Systems Affected

Cisco EPNM and Cisco Prime Infrastructure

Overview

A vulnerability has been reported in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system.

Target Audience: 

All IT administrators and individuals responsible for maintaining and updating in Software.

Risk Assessment:

High risk of data manipulation and service disruption.

Impact Assessment:

Potential impact on confidentiality, integrity, and availability of the system.

Description

This vulnerability exists due to the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface.

Successful exploitation of this vulnerability could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials.

Solution

Apply appropriate updates as mentioned in Cisco Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-stored-xss-GEkX8yWK

Vendor Information

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-stored-xss-GEkX8yWK

References

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-stored-xss-GEkX8yWK

CVE Name

CVE-2026-20075

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAml6JOoACgkQ3jCgcSdc

ys8AQA//UG6YnxLj2pNKPxoXKj0rXrmUeIUoQ8bSilFu1Kq4a2NiQzA/V7ydi7zf

JBwCoyO0mhvFHv4RQktMSdHlAF7r9e+6Qs9mO1pEYjNL4wdDnglewa7CYfMXFaGA

nKgtroeKRQSOz6cDEQ/muQt4t/aOM2ag6qVkj9vxyKAtJL7mpIbWnb1vb45FGK3x

aKFA/wL4zsYzjUFNWcUkHxcV9T5XU5wotPbMoe6D1HGjAFxfue0jhJ2jXA7X3BwB

V25TUlcfnS01X4+zozgnoKa68SwNAlcqwrD+ilgVdpnT6AFzorSembiaF1ME2TE8

Vnjqg9fARAwNZmFZCnARhFjVgW4rmIChr7AWeKdkzfecqqTWc+1Vxrre+IH20Tno

sj4Le+AuTWdculmzYUdGFYn6hsy9cfFUcDnyFY9fvWEDnnnxcqs+5uh1BEf3gPyb

XjKW3RkO/opCiZCR7jLXz8P9gZ+mTiThUz7Vq9/u8fClndc1hv2L3j97zs3s3zEC

W3K02sC+NwCu1v9erlHtgWxRG0Hfbs+HM2vTKPkopPu5I3vpj2939cRuakMWtVfZ

OxX+niiFig7lQO4AjLk7GiuOs7UJJFUUsQN7eVIMYB1RiTYHdM4U2SoClWAznKoD

498k37/gxaYKkOaC5doK2GXCjA+UTo/FStLBubTcmRhHxdPR9z4=

=/0WI

—–END PGP SIGNATURE—–