CVE-2026-20111
EUVD-2026-542304.02.2026, 17:16
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| cisco | prime_infrastructure | 𝑥 ≤ 3.9 |
| cisco | prime_infrastructure | 3.10 ≤ 𝑥 ≤ 3.10.6 |
| cisco | prime_infrastructure | 3.10.6:update01 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-798 - Use of Hard-coded CredentialsThe software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.