CVE-2025-20296
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious data into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must be a member of the Administrator or AAA Administrator role.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco Unified Computing System (Managed) | 4.0(1a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(1d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4f) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(2b) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(2a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4e) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 3.2(3p) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4h) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 3.2(3d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 3.2(3l) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 3.2(3o) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(2a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(1c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(1b) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 3.2(3j) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 3.2(2e) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(1e) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 3.2(1d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 3.2(3i) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4b) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(2e) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(1a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 3.2(3h) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4g) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 3.2(2c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 3.2(3k) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 3.2(3g) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 3.2(2b) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(1d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 3.2(3a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(1c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 3.2(3e) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 3.2(2d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4i) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 3.2(2f) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(2d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(1b) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 3.2(3n) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 3.2(3b) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(2b) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4k) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3b) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(2c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4l) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(4a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(1c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(1d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4m) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3e) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(1f) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3f) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(1i) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3h) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(1k) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(1l) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4n) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(1m) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3i) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(2a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(1n) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3j) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(2c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(2d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3b) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3k) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.0(4o) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(2e) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3e) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3g) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3l) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(2b) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3h) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3i) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(2c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3m) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(2e) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(3a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3j) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(3c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(4a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3k) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(4b) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(4c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3l) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(4d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(2f) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3m) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(5a) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(4e) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.1(3n) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(4f) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3n) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(5c) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.2(3o) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(5d) | affected |
| Cisco | Cisco Unified Computing System (Managed) | 4.3(5e) | affected |
Weaknesses
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.