CVE-2025-20356

Name of the Vulnerable Software and Affected Versions Cisco Cyber Vision Center (affected versions not specified)

Description A flaw exists in the web-based management interface of Cisco Cyber Vision Center that could permit an authenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the interface. The issue stems from inadequate validation of user-supplied input. An attacker could inject malicious code into specific pages of the interface, potentially enabling the execution of arbitrary script code or access to sensitive, browser-based information. To exploit this, the attacker requires valid administrative credentials granting access to the Sensor Explorer page. The Admin and Product user roles, along with any custom users configured with access to the Sensors page, are susceptible.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.