Dylan Garnaud

**Name of the Vulnerable Software and Affected Versions** Cisco DNA Center Software (affected versions not specified) **Description** A vulnerability in the web-based management interface could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack, manipulating an authenticated user into executing malicious actions without their awareness or consent. The issue is due to insufficient CSRF protections. An attacker could exploit this by persuading a user to follow a specially crafted link, potentially allowing them to perform arbitrary actions on the device, including modifying the device configuration, disconnecting the user's session, and executing Command Runner commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco DNA Center Software versions prior to 1.3.0.6 Cisco DNA Center Software versions prior to 1.3.1.4 **Description** The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker needs administrator credentials. **Recommendations** For Cisco DNA Center Software versions prior to 1.3.0.6, update to version 1.3.0.6 or later. For Cisco DNA Center Software versions prior to 1.3.1.4, update to version 1.3.1.4 or later. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation. Avoid using the interface with administrator credentials until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** REDCap versions 8.0.0 through 8.10.19 REDCap versions 9.0.0 through 9.1.1 **Description** The issue concerns multiple stored Cross-site scripting (XSS) problems in the admin panel and survey system. An attacker can inject arbitrary malicious HTML or JavaScript code into a user's web browser. **Recommendations** For REDCap versions 8.0.0 through 8.10.19, update to version 8.10.20 or later. For REDCap versions 9.0.0 through 9.1.1, update to version 9.1.2 or later.