Cisco Catalyst SD-WAN Manager Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a stored cross-site scripting attack (XSS) on an affected system. <br><br>
This vulnerability is due to improper sanitization of user input to the web-based management interface. An attacker could exploit this vulnerability by submitting a malicious script through the interface. A successful exploit could allow the attacker to conduct a stored XSS attack on the affected system.<br><br>
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.<br><br>
This advisory is available at the following link:<br><a href=”https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-xss-xhN8M5jt”>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-xss-xhN8M5jt</a><br><br>
<br/>Security Impact Rating: Medium
<br/>CVE: CVE-2025-20147Cisco Security AdvisoryRead More