Skip to main content

Cisco EUVDEUVD-2026-17937

| CVE-2026-20085 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-04-01 cisco GHSA-mpmj-52r5-p8cp
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Apr 01, 2026 - 17:30 euvd
EUVD-2026-17937
Analysis Generated
Apr 01, 2026 - 17:30 vuln.today
CVE Published
Apr 01, 2026 - 16:27 nvd
MEDIUM 6.1

DescriptionCVE.org

A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface.

This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.

AnalysisAI

Reflected XSS in Cisco IMC web management interface allows unauthenticated remote attackers to execute arbitrary JavaScript in user browsers via crafted links. Affects Cisco Enterprise NFV Infrastructure Software, Cisco Unified Computing System (standalone), and UCS E-Series Software. Exploitation requires user interaction (clicking a malicious link) but could lead to session hijacking, credential theft, or malware delivery to privileged administrators managing critical infrastructure.

Technical ContextAI

The vulnerability exists in the web-based management interface of Cisco Integrated Management Controller (IMC), a critical out-of-band management platform used in enterprise computing environments. The root cause is insufficient input validation (CWE-79: Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting). Reflected XSS occurs when user-supplied input is echoed back in an HTTP response without proper encoding or sanitization. In this case, the IMC web interface fails to validate and escape user input before rendering it in the browser context, allowing attackers to inject malicious JavaScript payloads. The attack vector is network-based and requires no authentication (PR:N per CVSS vector), though it does require user interaction (UI:R) to click the crafted link. Affected products span Cisco's virtualization and computing infrastructure stacks.

RemediationAI

Organizations must obtain and apply patches from Cisco Security Advisory cisco-sa-cimc-xss-A2tkgVAB, which will specify fixed versions for each affected product line (Enterprise NFV Infrastructure Software, UCS standalone, and UCS E-Series). Patch deployment should be prioritized for IMC instances accessible from untrusted networks or used by administrators. Interim mitigations pending patching include: restricting web-based IMC access to trusted IP ranges via firewall rules, disabling IMC web interface and relying on alternative management protocols (IPMI, SSH) if web access is not required, implementing Web Application Firewall (WAF) rules to filter known XSS payloads, and educating administrators to avoid clicking untrusted links to IMC interfaces. After patching, validate that input validation is properly applied to all user-controllable fields in the management interface.

Share

EUVD-2026-17937 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy