[CIVN-2025-0249] Cross-Site Scripting Vulnerability in CISCO
Cross-Site Scripting Vulnerability in CISCO
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: MEDIUM
Systems Affected
Cisco Cyber Vision Center
Overview
Multiple vulnerabilities have been reported in the web-based management interface of Cisco Cyber Vision Center that could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.
Target Audience:
All IT administrators and individuals responsible for maintaining and updating Cisco Cyber Vision Center.
Risk Assessment:
High risk of data manipulation and service disruption.
Impact Assessment:
Potential impact on confidentiality, integrity, and availability of the system.
Description
These vulnerabilities exist because the web-based management interface of an affected system does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface.
Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Solution
Apply appropriate updates as mentioned in the Cisco advisory:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cv-xss-rwRAKAJ9
Vendor Information
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cv-xss-rwRAKAJ9
References
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cv-xss-rwRAKAJ9
CVE Name
CVE-2025-20356
CVE-2025-20357
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003