PT-2025-39297 · Cisco · Cisco Ios Xe

Publicado

2025-09-24

Atualizado

2025-10-01

CVE-2025-20240

CVSS v2.0

6.4

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description A flaw exists in the web UI of Cisco IOS XE Software that could allow a remote attacker to perform a reflected cross-site scripting (XSS) attack. This is caused by insufficient sanitization of user-provided input. An attacker could trick a user into clicking a malicious link, potentially leading to the execution of a reflected XSS attack and the theft of user cookies from the affected device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-692

Identificadores relacionados

BDU:2025-11711

CVE-2025-20240

Produtos afetados

Cisco Ios Xe

PT-2025-39297 · Cisco · Cisco Ios Xe

CVE-2025-20240

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9