CVE-2026-20111

EPSS -
Veröffentlicht 04.02.2026 16:11:56
Zuletzt bearbeitet 04.02.2026 17:16:14
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system.

This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerCisco

≫

Produkt Cisco Prime Infrastructure

Default Statusunknown

Version 3.0.0

Status affected

Version 3.1.0

Status affected

Version 3.1.5

Status affected

Version 2.1

Status affected

Version 2.0.0

Status affected

Version 3.6.0

Status affected

Version 3.7.0

Status affected

Version 3.4.0

Status affected

Version 3.3.0

Status affected

Version 3.2

Status affected

Version 3.5.0

Status affected

Version 3.2.0-FIPS

Status affected

Version 2.2

Status affected

Version 3.8.0-FED

Status affected

Version 3.9.0

Status affected

Version 3.8.0

Status affected

Version 3.10.0

Status affected

Version 3.1.1

Status affected

Version 2.1.2

Status affected

Version 2.2.1

Status affected

Version 2.2.0

Status affected

Version 3.0.2

Status affected

Version 3.0.3

Status affected

Version 3.0.1

Status affected

Version 2.2.2

Status affected

Version 2.2.3

Status affected

Version 2.1.0

Status affected

Version 2.1.1

Status affected

Version 3.9.1

Status affected

Version 2.0.10

Status affected

Version 3.8.1

Status affected

Version 3.7.1

Status affected

Version 3.5.1

Status affected

Version 3.4.2

Status affected

Version 3.3.1

Status affected

Version 3.1.7

Status affected

Version 3.2.1

Status affected

Version 3.2.2

Status affected

Version 3.1.6

Status affected

Version 3.1.2

Status affected

Version 3.4.1

Status affected

Version 3.1.3

Status affected

Version 3.1.4

Status affected

Version 3.0.6

Status affected

Version 2.2.10

Status affected

Version 3.0.4

Status affected

Version 3.0.5

Status affected

Version 2.1.56

Status affected

Version 2.2.4

Status affected

Version 2.2.9

Status affected

Version 2.2.8

Status affected

Version 2.2.5

Status affected

Version 2.2.7

Status affected

Version 2.0.39

Status affected

Version 3.8_DP1

Status affected

Version 3.9_DP1

Status affected

Version 3.7_DP2

Status affected

Version 3.6_DP1

Status affected

Version 3.5_DP4

Status affected

Version 3.5_DP2

Status affected

Version 3.4_DP10

Status affected

Version 3.7_DP1

Status affected

Version 3.5_DP3

Status affected

Version 3.4_DP11

Status affected

Version 3.5_DP1

Status affected

Version 3.4_DP8

Status affected

Version 3.4_DP1

Status affected

Version 3.4_DP3

Status affected

Version 3.4_DP5

Status affected

Version 3.4_DP2

Status affected

Version 3.4_DP7

Status affected

Version 3.4_DP6

Status affected

Version 3.3_DP4

Status affected

Version 3.4_DP4

Status affected

Version 3.4_DP9

Status affected

Version 3.1_DP16

Status affected

Version 3.3_DP2

Status affected

Version 3.3_DP3

Status affected

Version 3.1_DP15

Status affected

Version 3.3_DP1

Status affected

Version 3.1_DP13

Status affected

Version 3.2_DP2

Status affected

Version 3.2_DP1

Status affected

Version 3.2_DP3

Status affected

Version 3.1_DP14

Status affected

Version 3.2_DP4

Status affected

Version 3.1_DP7

Status affected

Version 3.1_DP10

Status affected

Version 3.1_DP11

Status affected

Version 3.1_DP4

Status affected

Version 3.1_DP6

Status affected

Version 3.1_DP12

Status affected

Version 3.1_DP5

Status affected

Version 3.0.7

Status affected

Version 3.1_DP9

Status affected

Version 3.1_DP8

Status affected

Version 3.10_DP1

Status affected

Version 3.10.2

Status affected

Version 3.10.3

Status affected

Version 3.10

Status affected

Version 3.10.1

Status affected

Version 3.7.1 Update 03

Status affected

Version 3.7.1 Update 04

Status affected

Version 3.7.1 Update 06

Status affected

Version 3.7.1 Update 07

Status affected

Version 3.8.1 Update 01

Status affected

Version 3.8.1 Update 02

Status affected

Version 3.8.1 Update 03

Status affected

Version 3.8.1 Update 04

Status affected

Version 3.9.1 Update 01

Status affected

Version 3.9.1 Update 02

Status affected

Version 3.9.1 Update 03

Status affected

Version 3.9.1 Update 04

Status affected

Version 3.10 Update 01

Status affected

Version 3.4.2 Update 01

Status affected

Version 3.6.0 Update 04

Status affected

Version 3.6.0 Update 02

Status affected

Version 3.6.0 Update 03

Status affected

Version 3.6.0 Update 01

Status affected

Version 3.5.1 Update 03

Status affected

Version 3.5.1 Update 01

Status affected

Version 3.5.1 Update 02

Status affected

Version 3.7.0 Update 03

Status affected

Version 2.2.3 Update 05

Status affected

Version 2.2.3 Update 04

Status affected

Version 2.2.3 Update 06

Status affected

Version 2.2.3 Update 03

Status affected

Version 2.2.3 Update 02

Status affected

Version 2.2.1 Update 01

Status affected

Version 2.2.2 Update 03

Status affected

Version 2.2.2 Update 04

Status affected

Version 3.8.0 Update 01

Status affected

Version 3.8.0 Update 02

Status affected

Version 3.7.1 Update 01

Status affected

Version 3.7.1 Update 02

Status affected

Version 3.7.1 Update 05

Status affected

Version 3.9.0 Update 01

Status affected

Version 3.3.0 Update 01

Status affected

Version 3.4.1 Update 02

Status affected

Version 3.4.1 Update 01

Status affected

Version 3.5.0 Update 03

Status affected

Version 3.5.0 Update 01

Status affected

Version 3.5.0 Update 02

Status affected

Version 3.10.4

Status affected

Version 3.10.4 Update 01

Status affected

Version 3.10.4 Update 02

Status affected

Version 3.10.4 Update 03

Status affected

Version 3.10.5

Status affected

Version 3.10.6

Status affected

Version 3.10.6 Update 01

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	4.8	1.7	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-xss-bYeVKCD

https://nvd.nist.gov/vuln/detail/CVE-2026-20111

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-20111

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-20111

EUVD