—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Cross-Site Scripting Vulnerability in CISCO 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: MEDIUM

Systems Affected

Cisco Cyber Vision Center

Overview

Multiple vulnerabilities have been reported in the web-based management interface of Cisco Cyber Vision Center  could allow an  authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

Target Audience: 

All IT administrators and individuals responsible for maintaining and updating in Cisco Cyber Vision Center.

Risk Assessment:

High risk of data manipulation and service disruption.

Impact Assessment:

Potential impact on confidentiality, integrity, and availability of the system.

Description

These vulnerabilities exist due to the web-based management interface of an affected system does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface.

Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Solution

Apply appropriate updates as mentioned in Cisco Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cv-xss-rwRAKAJ9

Vendor Information

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cv-xss-rwRAKAJ9

References

CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cv-xss-rwRAKAJ9

CVE Name

CVE-2025-20356

CVE-2025-20357

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmjntu8ACgkQ3jCgcSdc

ys8abg//YWlBbMphE/xk+lwmAUMKpgZiYbyaAD63aKlS8MG8G1CVRU2hp/XapuYA

PLlQL0LGEyyZe0UvhyDJ8jH3xswq/gkSPTvJSoKGRijVT0QIjzvCLpNDN2Bg/n9m

TT+eucunQHjqF+coDCtF1RpMDSYvi1RUC7DdLpW+9EeP47bG1303m0hhhqdZSA4z

NAZgA5+bmhSl1xTJeVIzTGxUkyrb4aFQmlFLgy5Sqx5SB28vbQ5a9X1YiI5JwO2I

55CM/4JFNH3U6/7H/0OKDPfBoHl9BfnqmzFWstytNuDAkymVKDXRgixM8MpFOf5K

b4+huvFiPnaFXyeYrwpeoaixE18uwNtB8grWZl7UKtFYLycU94nNQTye1a+188O4

cFB3T+q/KVzULjhoSQSdYlpF85qNkPS0k2yi9xAeFWVRsLxx51pTCSSG7mrSZgBp

KH4U5yEe0F8UIitPaeV/BEGqVddc/xKoucBLOidZQArIdvPZRO6PTKlNmvZ+96zd

7SGiU3DPqBHJzFSGMJS4jnVh+AiYzX19cnu6knmF3VtpLPU3DSDsEEdqPZemfK0p

s6lD/psOnXrvXddOJ1EbKal0C0MQtkRLooJL2pbvPG0dVdQwk6+hHIECfDJKpRAu

JhWQqv6FVNzPctAtEINVHhD0gRA5f2HRNXQtsC4MsCF8xe69k00=

=i6md

—–END PGP SIGNATURE—–