Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary scri…
- Scope: At the time of publication, this vulnerability affected Cisco EPNM and Cisco Prime Infrastructure, regardless of device configuration.
- 7.0 and earlier — Migrate to a fixed release
- Release 7.1 (first fixed: 7.1.4.1)
- 8.0 — Migrate to a fixed release
- Release 8.1 (first fixed: 8.1.2.1)
- 3.9 and earlier — Migrate to a fixed release
- Release 3.10 (first fixed: 3.10.6 Security Update 03)
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
- 7.1.4.1
- 8.1.2.1
- 3.10.6 Security Update 03
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 7.0 and earlier: migrate to a fixed release.
- Release 7.1: upgrade to 7.1.4.1.
- Release 8.0: migrate to a fixed release.
- Release 8.1: upgrade to 8.1.2.1.
- Release 3.9 and earlier: migrate to a fixed release.
- Release 3.10: upgrade to 3.10.6 Security Update 03.
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.