Cisco Prime Infra: Authenticated Remote XSS in Web UI
CVE-2026-20111 Published on February 4, 2026

Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials.

NVD

Vulnerability Analysis

CVE-2026-20111 can be exploited with network access, requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

REQUIRED

Scope:

CHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

NONE

Weakness Type

Use of Hard-coded Credentials

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

Products Associated with CVE-2026-20111

Want to know whenever a new CVE is published for Cisco Prime Infrastructure? stack.watch will email you.

Cisco Prime Infrastructure

Affected Versions

Cisco Prime Infrastructure:

Version 3.0.0 is affected.
Version 3.1.0 is affected.
Version 3.1.5 is affected.
Version 2.1 is affected.
Version 2.0.0 is affected.
Version 3.6.0 is affected.
Version 3.7.0 is affected.
Version 3.4.0 is affected.
Version 3.3.0 is affected.
Version 3.2 is affected.
Version 3.5.0 is affected.
Version 3.2.0-FIPS is affected.
Version 2.2 is affected.
Version 3.8.0-FED is affected.
Version 3.9.0 is affected.
Version 3.8.0 is affected.
Version 3.10.0 is affected.
Version 3.1.1 is affected.
Version 2.1.2 is affected.
Version 2.2.1 is affected.
Version 2.2.0 is affected.
Version 3.0.2 is affected.
Version 3.0.3 is affected.
Version 3.0.1 is affected.
Version 2.2.2 is affected.
Version 2.2.3 is affected.
Version 2.1.0 is affected.
Version 2.1.1 is affected.
Version 3.9.1 is affected.
Version 2.0.10 is affected.
Version 3.8.1 is affected.
Version 3.7.1 is affected.
Version 3.5.1 is affected.
Version 3.4.2 is affected.
Version 3.3.1 is affected.
Version 3.1.7 is affected.
Version 3.2.1 is affected.
Version 3.2.2 is affected.
Version 3.1.6 is affected.
Version 3.1.2 is affected.
Version 3.4.1 is affected.
Version 3.1.3 is affected.
Version 3.1.4 is affected.
Version 3.0.6 is affected.
Version 2.2.10 is affected.
Version 3.0.4 is affected.
Version 3.0.5 is affected.
Version 2.1.56 is affected.
Version 2.2.4 is affected.
Version 2.2.9 is affected.
Version 2.2.8 is affected.
Version 2.2.5 is affected.
Version 2.2.7 is affected.
Version 2.0.39 is affected.
Version 3.8_DP1 is affected.
Version 3.9_DP1 is affected.
Version 3.7_DP2 is affected.
Version 3.6_DP1 is affected.
Version 3.5_DP4 is affected.
Version 3.5_DP2 is affected.
Version 3.4_DP10 is affected.
Version 3.7_DP1 is affected.
Version 3.5_DP3 is affected.
Version 3.4_DP11 is affected.
Version 3.5_DP1 is affected.
Version 3.4_DP8 is affected.
Version 3.4_DP1 is affected.
Version 3.4_DP3 is affected.
Version 3.4_DP5 is affected.
Version 3.4_DP2 is affected.
Version 3.4_DP7 is affected.
Version 3.4_DP6 is affected.
Version 3.3_DP4 is affected.
Version 3.4_DP4 is affected.
Version 3.4_DP9 is affected.
Version 3.1_DP16 is affected.
Version 3.3_DP2 is affected.
Version 3.3_DP3 is affected.
Version 3.1_DP15 is affected.
Version 3.3_DP1 is affected.
Version 3.1_DP13 is affected.
Version 3.2_DP2 is affected.
Version 3.2_DP1 is affected.
Version 3.2_DP3 is affected.
Version 3.1_DP14 is affected.
Version 3.2_DP4 is affected.
Version 3.1_DP7 is affected.
Version 3.1_DP10 is affected.
Version 3.1_DP11 is affected.
Version 3.1_DP4 is affected.
Version 3.1_DP6 is affected.
Version 3.1_DP12 is affected.
Version 3.1_DP5 is affected.
Version 3.0.7 is affected.
Version 3.1_DP9 is affected.
Version 3.1_DP8 is affected.
Version 3.10_DP1 is affected.
Version 3.10.2 is affected.
Version 3.10.3 is affected.
Version 3.10 is affected.
Version 3.10.1 is affected.
Version 3.7.1 Update 03 is affected.
Version 3.7.1 Update 04 is affected.
Version 3.7.1 Update 06 is affected.
Version 3.7.1 Update 07 is affected.
Version 3.8.1 Update 01 is affected.
Version 3.8.1 Update 02 is affected.
Version 3.8.1 Update 03 is affected.
Version 3.8.1 Update 04 is affected.
Version 3.9.1 Update 01 is affected.
Version 3.9.1 Update 02 is affected.
Version 3.9.1 Update 03 is affected.
Version 3.9.1 Update 04 is affected.
Version 3.10 Update 01 is affected.
Version 3.4.2 Update 01 is affected.
Version 3.6.0 Update 04 is affected.
Version 3.6.0 Update 02 is affected.
Version 3.6.0 Update 03 is affected.
Version 3.6.0 Update 01 is affected.
Version 3.5.1 Update 03 is affected.
Version 3.5.1 Update 01 is affected.
Version 3.5.1 Update 02 is affected.
Version 3.7.0 Update 03 is affected.
Version 2.2.3 Update 05 is affected.
Version 2.2.3 Update 04 is affected.
Version 2.2.3 Update 06 is affected.
Version 2.2.3 Update 03 is affected.
Version 2.2.3 Update 02 is affected.
Version 2.2.1 Update 01 is affected.
Version 2.2.2 Update 03 is affected.
Version 2.2.2 Update 04 is affected.
Version 3.8.0 Update 01 is affected.
Version 3.8.0 Update 02 is affected.
Version 3.7.1 Update 01 is affected.
Version 3.7.1 Update 02 is affected.
Version 3.7.1 Update 05 is affected.
Version 3.9.0 Update 01 is affected.
Version 3.3.0 Update 01 is affected.
Version 3.4.1 Update 02 is affected.
Version 3.4.1 Update 01 is affected.
Version 3.5.0 Update 03 is affected.
Version 3.5.0 Update 01 is affected.
Version 3.5.0 Update 02 is affected.
Version 3.10.4 is affected.
Version 3.10.4 Update 01 is affected.
Version 3.10.4 Update 02 is affected.
Version 3.10.4 Update 03 is affected.
Version 3.10.5 is affected.
Version 3.10.6 is affected.
Version 3.10.6 Update 01 is affected.

Exploit Probability

EPSS

0.04%

Percentile

10.83%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.