Cisco Prime Infrastructure & EPNM XSS in Web UI (CVE-2023-20205)
CVE-2023-20205 Published on August 16, 2023
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2023-20205 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2023-20205
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-20205 are published in these products:
Affected Versions
Cisco Prime Infrastructure:- Version 2.0.0 is affected.
- Version 2.0.10 is affected.
- Version 2.0.39 is affected.
- Version 2.1.0 is affected.
- Version 2.1.1 is affected.
- Version 2.1.2 is affected.
- Version 2.1.56 is affected.
- Version 2.2.0 is affected.
- Version 2.2.1 is affected.
- Version 2.2.2 is affected.
- Version 2.2.3 is affected.
- Version 2.2.10 is affected.
- Version 2.2.8 is affected.
- Version 2.2.4 is affected.
- Version 2.2.7 is affected.
- Version 2.2.5 is affected.
- Version 2.2.9 is affected.
- Version 2.2.1 Update 01 is affected.
- Version 2.2.2 Update 03 is affected.
- Version 2.2.2 Update 04 is affected.
- Version 2.2.3 Update 02 is affected.
- Version 2.2.3 Update 03 is affected.
- Version 2.2.3 Update 04 is affected.
- Version 2.2.3 Update 05 is affected.
- Version 2.2.3 Update 06 is affected.
- Version 3.0.0 is affected.
- Version 3.0.1 is affected.
- Version 3.0.2 is affected.
- Version 3.0.3 is affected.
- Version 3.0.4 is affected.
- Version 3.0.6 is affected.
- Version 3.0.5 is affected.
- Version 3.0.7 is affected.
- Version 3.1.0 is affected.
- Version 3.1.1 is affected.
- Version 3.1.7 is affected.
- Version 3.1.5 is affected.
- Version 3.1.2 is affected.
- Version 3.1.3 is affected.
- Version 3.1.4 is affected.
- Version 3.1.6 is affected.
- Version 3.2.2 is affected.
- Version 3.2.0-FIPS is affected.
- Version 3.2.1 is affected.
- Version 3.3.0 is affected.
- Version 3.3.1 is affected.
- Version 3.3.0 Update 01 is affected.
- Version 3.4.0 is affected.
- Version 3.4.1 is affected.
- Version 3.4.2 is affected.
- Version 3.4.1 Update 01 is affected.
- Version 3.4.1 Update 02 is affected.
- Version 3.4.2 Update 01 is affected.
- Version 3.5.0 is affected.
- Version 3.5.1 is affected.
- Version 3.5.0 Update 01 is affected.
- Version 3.5.0 Update 02 is affected.
- Version 3.5.0 Update 03 is affected.
- Version 3.5.1 Update 01 is affected.
- Version 3.5.1 Update 02 is affected.
- Version 3.5.1 Update 03 is affected.
- Version 3.6.0 is affected.
- Version 3.6.0 Update 01 is affected.
- Version 3.6.0 Update 02 is affected.
- Version 3.6.0 Update 03 is affected.
- Version 3.6.0 Update 04 is affected.
- Version 2.1 is affected.
- Version 2.2 is affected.
- Version 3.2 is affected.
- Version 3.4_DP1 is affected.
- Version 3.4_DP3 is affected.
- Version 3.4_DP2 is affected.
- Version 3.5_DP1 is affected.
- Version 3.4_DP7 is affected.
- Version 3.4_DP10 is affected.
- Version 3.4_DP5 is affected.
- Version 3.1_DP15 is affected.
- Version 3.4_DP11 is affected.
- Version 3.4_DP8 is affected.
- Version 3.7_DP1 is affected.
- Version 3.3_DP4 is affected.
- Version 3.10_DP1 is affected.
- Version 3.8_DP1 is affected.
- Version 3.7_DP2 is affected.
- Version 3.6_DP1 is affected.
- Version 3.1_DP16 is affected.
- Version 3.5_DP4 is affected.
- Version 3.3_DP3 is affected.
- Version 3.2_DP2 is affected.
- Version 3.4_DP4 is affected.
- Version 3.1_DP14 is affected.
- Version 3.1_DP6 is affected.
- Version 3.1_DP9 is affected.
- Version 3.4_DP6 is affected.
- Version 3.2_DP3 is affected.
- Version 3.4_DP9 is affected.
- Version 3.3_DP2 is affected.
- Version 3.2_DP1 is affected.
- Version 3.1_DP10 is affected.
- Version 3.9_DP1 is affected.
- Version 3.3_DP1 is affected.
- Version 3.1_DP13 is affected.
- Version 3.5_DP2 is affected.
- Version 3.1_DP12 is affected.
- Version 3.1_DP4 is affected.
- Version 3.5_DP3 is affected.
- Version 3.1_DP8 is affected.
- Version 3.1_DP7 is affected.
- Version 3.2_DP4 is affected.
- Version 3.1_DP11 is affected.
- Version 3.1_DP5 is affected.
- Version 3.7.0 is affected.
- Version 3.7.1 is affected.
- Version 3.7.1 Update 04 is affected.
- Version 3.7.1 Update 06 is affected.
- Version 3.7.1 Update 07 is affected.
- Version 3.7.1 Update 03 is affected.
- Version 3.7.0 Update 03 is affected.
- Version 3.7.1 Update 01 is affected.
- Version 3.7.1 Update 02 is affected.
- Version 3.7.1 Update 05 is affected.
- Version 3.8.0 is affected.
- Version 3.8.1 is affected.
- Version 3.8.1 Update 02 is affected.
- Version 3.8.1 Update 04 is affected.
- Version 3.8.1 Update 01 is affected.
- Version 3.8.1 Update 03 is affected.
- Version 3.8.0 Update 01 is affected.
- Version 3.8.0 Update 02 is affected.
- Version 3.9.0 is affected.
- Version 3.9.1 is affected.
- Version 3.9.1 Update 02 is affected.
- Version 3.9.1 Update 03 is affected.
- Version 3.9.1 Update 01 is affected.
- Version 3.9.1 Update 04 is affected.
- Version 3.9.0 Update 01 is affected.
- Version 3.10.0 is affected.
- Version 3.10.3 is affected.
- Version 3.10.1 is affected.
- Version 3.10.2 is affected.
- Version 3.10 Update 01 is affected.
- Version 1.2.6 is affected.
- Version 1.2.2 is affected.
- Version 1.2.3 is affected.
- Version 1.2.5 is affected.
- Version 1.2.1.2 is affected.
- Version 1.2.4 is affected.
- Version 1.2.7 is affected.
- Version 1.2 is affected.
- Version 1.2.2.4 is affected.
- Version 1.2.4.2 is affected.
- Version 2.0.2 is affected.
- Version 2.0.4 is affected.
- Version 2.0.3 is affected.
- Version 2.0.1 is affected.
- Version 2.0 is affected.
- Version 2.0.1.1 is affected.
- Version 2.0.2.1 is affected.
- Version 2.0.4.1 is affected.
- Version 2.0.4.2 is affected.
- Version 2.1.2 is affected.
- Version 2.1.3 is affected.
- Version 2.1.1 is affected.
- Version 2.1 is affected.
- Version 2.1.1.1 is affected.
- Version 2.1.1.3 is affected.
- Version 2.1.1.4 is affected.
- Version 2.1.2.2 is affected.
- Version 2.1.2.3 is affected.
- Version 2.1.3.2 is affected.
- Version 2.1.3.3 is affected.
- Version 2.1.3.4 is affected.
- Version 2.1.3.5 is affected.
- Version 2.1.4 is affected.
- Version 2.2.1 is affected.
- Version 2.2 is affected.
- Version 2.2.1.1 is affected.
- Version 2.2.1.2 is affected.
- Version 2.2.1.3 is affected.
- Version 2.2.1.4 is affected.
- Version 2.2.3 is affected.
- Version 2.2.4 is affected.
- Version 2.2.5 is affected.
- Version 3.0.1 is affected.
- Version 3.0.2 is affected.
- Version 3.0.3 is affected.
- Version 3.0 is affected.
- Version 3.1.1 is affected.
- Version 3.1.2 is affected.
- Version 3.1.3 is affected.
- Version 3.1 is affected.
- Version 4.1.1 is affected.
- Version 4.1 is affected.
- Version 4.1.1.1 is affected.
- Version 4.1.1.2 is affected.
- Version 4.0.3 is affected.
- Version 4.0.1 is affected.
- Version 4.0.2 is affected.
- Version 4.0 is affected.
- Version 4.0.3.1 is affected.
- Version 5.0.1 is affected.
- Version 5.0.2 is affected.
- Version 5.0.2.5 is affected.
- Version 5.0.2.3 is affected.
- Version 5.0.2.4 is affected.
- Version 5.0.2.1 is affected.
- Version 5.0.2.2 is affected.
- Version 5.0 is affected.
- Version 5.1.1 is affected.
- Version 5.1.2 is affected.
- Version 5.1.3 is affected.
- Version 5.1.4 is affected.
- Version 5.1.4.2 is affected.
- Version 5.1.4.1 is affected.
- Version 5.1.4.3 is affected.
- Version 5.1 is affected.
- Version 5.1.3.1 is affected.
- Version 5.1.3.2 is affected.
- Version 7.0.0 is affected.
- Version 6.0.0 is affected.
- Version 6.0.2 is affected.
- Version 6.0.1 is affected.
- Version 6.0.2.1 is affected.
- Version 6.0.1.1 is affected.
- Version 6.0.3 is affected.
- Version 6.1.1 is affected.
- Version 6.1.1.1 is affected.
- Version 6.1 is affected.
Exploit Probability
EPSS
0.09%
Percentile
25.18%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.