CVE-2026-20090
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
CVSS Score
4.8
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
| CWE | CWE-79 |
| Vendor | cisco |
| Product | cisco enterprise nfv infrastructure software |
| Ecosystems | |
| Industries | NetworkingTelecommunications |
| Published | Apr 1, 2026 |
| Last Updated | Apr 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for cisco cisco enterprise nfv infrastructure software
Be the first to know when new medium vulnerabilities affecting cisco cisco enterprise nfv infrastructure software are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected Versions
Cisco / Cisco Enterprise NFV Infrastructure Software
4.1.1 3.9.1 3.5.2 3.12.2 3.6.2 3.9.2 3.11.3 3.11.1 3.5.1 3.3.1 3.10.2 3.12.1b 3.4.1 3.12.1a 3.6.3 3.8.1 3.11.2 3.12.1 3.12.3 3.10.1 3.6.1 3.10.3 3.7.1 4.1.2 4.2.1 4.2.2 4.4.1 4.4.2 4.5.1 4.4.3 4.6.1 4.7.1 4.6.2-FC2 4.6.2-FC3 4.6.2 4.8.1 4.8.2 4.9.1 4.6.3 4.9.2-FC5 4.9.2 4.10.1 4.9.3 4.11.1 4.9.4 4.12.1 4.6.4 4.12.2 4.13.1 4.9.4-ES8 4.9.5 4.12.3 4.6.5-ES1 4.9.4-ES9 4.14.1 4.6.3-FC4 4.9.4-FC3 4.12.4 4.15.1 4.9.6 4.16.1 4.15.2 4.12.5 4.15.3 4.15.4 4.18.1 4.12.6 4.18.2 4.18.2a
Cisco / Cisco Unified Computing System (Standalone)
4.0(2g) 3.1(2i) 3.1(1d) 4.0(4i) 4.1(1c) 4.0(2c) 4.0(1e) 4.0(2h) 4.0(4h) 4.0(1h) 4.0(2l) 3.1(3g) 4.0(1.240) 4.0(2f) 4.0(1g) 4.0(2i) 3.1(3i) 4.0(4d) 4.1(1d) 3.1(3c) 4.0(4k) 3.1(2d) 3.1(3a) 3.1(3j) 4.0(2d) 4.1(1f) 4.0(4j) 4.0(2m) 4.0(2k) 4.0(1c) 4.0(4f) 4.0(4c) 3.1(3d) 3.1(2g) 3.1(2c) 4.0(1d) 3.1(2e) 4.0(1a) 4.0(1b) 3.1(3b) 4.0(4b) 3.1(2b) 4.0(4e) 3.1(3h) 4.0(4l) 4.1(1g) 4.1(2a) 4.0(2n) 4.1(1h) 3.1(3k) 4.1(2b) 4.0(2o) 4.0(4m) 4.1(2d) 4.1(3b) 4.0(2p) 4.1(2e) 4.1(2f) 4.0(4n) 4.0(2q) 4.1(3c) 4.0(2r) 4.1(3d) 4.1(2g) 4.1(2h) 4.1(3g) 4.1(3f) 4.1(2j) 4.1(2k) 4.1(3h) 4.2(2a) 4.1(3i) 4.2(2f) 4.2(2g) 4.2(3b) 4.1(3l) 4.2(3d) 4.3(1.230097) 4.2(1e) 4.2(1b) 4.2(1j) 4.2(1i) 4.2(1f) 4.2(1a) 4.2(1c) 4.2(1g) 4.3(1.230124) 4.1(2l) 4.2(3e) 4.3(1.230138) 4.2(3g) 4.3(2.230207) 4.2(3h) 4.2(3i) 4.3(2.230270) 4.1(3m) 4.1(2m) 4.3(2.240002) 4.3(3.240022) 4.2(3j) 4.1(3n) 4.3(2.240009) 4.3(3.240041) 4.2(3k) 4.3(3.240043) 4.3(4.240142) 4.3(2.240037) 4.3(2.240053) 4.3(4.240152) 4.2(3l) 4.3(2.240077) 4.3(4.242028) 4.3(4.241063) 4.3(4.242038) 4.2(3m) 4.3(2.240090) 4.3(5.240021) 4.3(2.240107) 4.3(4.242066) 4.2(3n) 4.3(5.250001) 4.2(3o) 4.3(2.250016) 4.3(2.250021) 4.3(5.250030) 4.3(2.250022) 4.3(6.250039) 4.3(6.250040) 4.3(5.250033) 4.3(6.250044) 4.3(6.250053) 4.3(2.250037) 4.3(2.250045) 4.3(4.252001) 4.3(4.252002) 6.0(1.250127) 4.2(3p) 6.0(1.250131) 4.3(6.250101) 6.0(1.250174) 4.3(6.250117) 4.3(5.250043) 4.3(5.250045) 4.3(6.250060) 6.0(1.250130) 4.3(4.241014) 4.3(2.250063) 6.0(1.250192) 4.3(6.260003) 6.0(1.250194)
Cisco / Cisco Unified Computing System E-Series Software (UCSE)
3.2.7 3.2.6 3.2.4 3.2.10 3.2.2 3.2.3 2.4.0 3.2.1 3.2.11.1 3.2.8 3.1.1 3.0.2 2.1.0 2.2.2 3.1.2 3.0.1 2.3.2 2.3.5 2.2.1 3.1.4 2.4.1 2.3.1 3.1.3 2.3.3 2.4.2 3.1.5 3.1.0 2.0.0 3.2.11.3 3.2.11.5 3.2.12.2 3.2.13.6 3.2.14 4.11.1 3.2.15 4.12.1 3.2.15.3 4.12.2 3.2.16.1 4.00 4.15.2 4.02