Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from Vendor (cisco) · only source for this CVE.
CVSS VectorVendor: cisco
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
AnalysisAI
Cisco Catalyst SD-WAN Manager's web interface contains a reflected cross-site scripting (XSS) vulnerability that requires user interaction and authentication to exploit. An attacker can craft a malicious link to execute arbitrary JavaScript in a victim's browser session, potentially stealing sensitive information or performing unauthorized actions within the management interface. No patch is currently available.
Technical ContextAI
This vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation), a reflected or stored XSS flaw in a web application. The Cisco Catalyst SD-WAN Manager (CPE: cpe:2.3:a:cisco:cisco_catalyst_sd-wan_manager) is an enterprise network management platform used to centralize control of SD-WAN deployments. The root cause stems from the management interface's failure to properly sanitize or encode user-supplied input before rendering it in HTML context. This allows attackers to inject malicious JavaScript that executes with the privileges of the authenticated user viewing the page, potentially compromising session tokens, harvesting credentials, or modifying network configurations.
RemediationAI
Upgrade Cisco Catalyst SD-WAN Manager to a patched version released after the affected versions listed above; consult the Cisco Security Advisory (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-xss-ZqkhP9W9) for the specific recommended version. Until patching is feasible, implement network-level mitigations including restricting management interface access to trusted administrator IP ranges via firewall rules, enforcing HTTPS/TLS for all connections to the management interface, and enabling HTTP Strict-Transport-Security (HSTS) headers to prevent downgrade attacks. Additionally, educate administrative users about phishing risks and suspicious links, and consider implementing web application firewalls (WAF) with XSS-detection signatures on any reverse proxy fronting the management interface. Monitor authentication logs for unusual access patterns that may indicate exploitation attempts.
Remote unauthenticated attackers can bypass peering authentication in Cisco Catalyst SD-WAN Controller (vSmart) and SD-W
Arbitrary file write via path traversal in Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) allows an authenticat
Remote file disclosure in Cisco Catalyst SD-WAN Manager allows unauthenticated attackers to read arbitrary system files
Cisco Catalyst SD-WAN Manager web UI fails to properly redact sensitive information in device configurations and templat
Privilege escalation in Cisco Catalyst SD-WAN Manager allows authenticated users with read-only permissions to elevate p
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15437
GHSA-4wfv-hq2x-7m5r