Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
AnalysisAI
Reflected XSS in Cisco IMC web management interface allows unauthenticated remote attackers to execute arbitrary JavaScript in user browsers via crafted links. Affects Cisco Enterprise NFV Infrastructure Software, Cisco Unified Computing System (standalone), and UCS E-Series Software. Exploitation requires user interaction (clicking a malicious link) but could lead to session hijacking, credential theft, or malware delivery to privileged administrators managing critical infrastructure.
Technical ContextAI
The vulnerability exists in the web-based management interface of Cisco Integrated Management Controller (IMC), a critical out-of-band management platform used in enterprise computing environments. The root cause is insufficient input validation (CWE-79: Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting). Reflected XSS occurs when user-supplied input is echoed back in an HTTP response without proper encoding or sanitization. In this case, the IMC web interface fails to validate and escape user input before rendering it in the browser context, allowing attackers to inject malicious JavaScript payloads. The attack vector is network-based and requires no authentication (PR:N per CVSS vector), though it does require user interaction (UI:R) to click the crafted link. Affected products span Cisco's virtualization and computing infrastructure stacks.
RemediationAI
Organizations must obtain and apply patches from Cisco Security Advisory cisco-sa-cimc-xss-A2tkgVAB, which will specify fixed versions for each affected product line (Enterprise NFV Infrastructure Software, UCS standalone, and UCS E-Series). Patch deployment should be prioritized for IMC instances accessible from untrusted networks or used by administrators. Interim mitigations pending patching include: restricting web-based IMC access to trusted IP ranges via firewall rules, disabling IMC web interface and relying on alternative management protocols (IPMI, SSH) if web access is not required, implementing Web Application Firewall (WAF) rules to filter known XSS payloads, and educating administrators to avoid clicking untrusted links to IMC interfaces. After patching, validate that input validation is properly applied to all user-controllable fields in the management interface.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17937
GHSA-mpmj-52r5-p8cp