CVE-2023-20257

Name of the Vulnerable Software and Affected Versions Cisco Prime Infrastructure (affected versions not specified) Cisco Evolved Programmable Network (EPN) Manager (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an authenticated, remote attacker to conduct cross-site scripting attacks. This issue is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this by submitting malicious input containing script or HTML content within requests that would be stored within the application interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks against other users of the affected application.

Recommendations For Cisco Prime Infrastructure, consider disabling the web-based management interface until a patch is available. For Cisco Evolved Programmable Network (EPN) Manager, restrict access to the web-based management interface to minimize the risk of exploitation. As a temporary workaround, avoid using the web-based management interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.