EUVD-2026-15442CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
3Description
A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials.
Analysis
A stored cross-site scripting (XSS) vulnerability exists in the web-based Cisco IOx application hosting environment management interface within Cisco IOS XE Software, allowing authenticated remote attackers with administrative credentials to inject malicious scripts that execute in the context of other users' browser sessions. Successful exploitation enables arbitrary script execution and access to sensitive browser-based information affecting a wide range of Cisco IOS XE versions from 16.6.1 through 17.18.1a. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Verify Content-Security-Policy and output encoding.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today