← Back

CVE-2025-20116

nvd nist
Published: Feb 26, 2025Modified: Jul 31, 2025

JSON object

Loading...
4.8
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 / Impact: 2.7
Source: psirt@cisco.com (Secondary)

Description

A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by injecting malicious code into specific pages of the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web UI or access sensitive, browser-based information.

Affected (128)

Cisco
1 product
Application Policy Infrastructure Controller
Configuration A
128 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Application Policy Infrastructure Controller
Version 3.2(10e)
Application Policy Infrastructure Controller
Version 3.2(10f)
Application Policy Infrastructure Controller
Version 3.2(10g)
Application Policy Infrastructure Controller
Version 3.2(1l)
Application Policy Infrastructure Controller
Version 3.2(1m)
Application Policy Infrastructure Controller
Version 3.2(2l)
Application Policy Infrastructure Controller
Version 3.2(2o)
Application Policy Infrastructure Controller
Version 3.2(3i)
Application Policy Infrastructure Controller
Version 3.2(3j)
Application Policy Infrastructure Controller
Version 3.2(3n)
Application Policy Infrastructure Controller
Version 3.2(3o)
Application Policy Infrastructure Controller
Version 3.2(3r)
Application Policy Infrastructure Controller
Version 3.2(3s)
Application Policy Infrastructure Controller
Version 3.2(41d)
Application Policy Infrastructure Controller
Version 3.2(4d)
Application Policy Infrastructure Controller
Version 3.2(4e)
Application Policy Infrastructure Controller
Version 3.2(5d)
Application Policy Infrastructure Controller
Version 3.2(5e)
Application Policy Infrastructure Controller
Version 3.2(5f)
Application Policy Infrastructure Controller
Version 3.2(6i)
Application Policy Infrastructure Controller
Version 3.2(7f)
Application Policy Infrastructure Controller
Version 3.2(7k)
Application Policy Infrastructure Controller
Version 3.2(8d)
Application Policy Infrastructure Controller
Version 3.2(9b)
Application Policy Infrastructure Controller
Version 3.2(9f)
Application Policy Infrastructure Controller
Version 3.2(9h)
Application Policy Infrastructure Controller
Version 4.0(1h)
Application Policy Infrastructure Controller
Version 4.0(2c)
Application Policy Infrastructure Controller
Version 4.0(3c)
Application Policy Infrastructure Controller
Version 4.0(3d)
Application Policy Infrastructure Controller
Version 4.1(1a)
Application Policy Infrastructure Controller
Version 4.1(1i)
Application Policy Infrastructure Controller
Version 4.1(1j)
Application Policy Infrastructure Controller
Version 4.1(1k)
Application Policy Infrastructure Controller
Version 4.1(1l)
Application Policy Infrastructure Controller
Version 4.1(2g)
Application Policy Infrastructure Controller
Version 4.1(2m)
Application Policy Infrastructure Controller
Version 4.1(2o)
Application Policy Infrastructure Controller
Version 4.1(2s)
Application Policy Infrastructure Controller
Version 4.1(2u)
Application Policy Infrastructure Controller
Version 4.1(2w)
Application Policy Infrastructure Controller
Version 4.1(2x)
Application Policy Infrastructure Controller
Version 4.2(1g)
Application Policy Infrastructure Controller
Version 4.2(1i)
Application Policy Infrastructure Controller
Version 4.2(1j)
Application Policy Infrastructure Controller
Version 4.2(1l)
Application Policy Infrastructure Controller
Version 4.2(2e)
Application Policy Infrastructure Controller
Version 4.2(2f)
Application Policy Infrastructure Controller
Version 4.2(2g)
Application Policy Infrastructure Controller
Version 4.2(3j)
Application Policy Infrastructure Controller
Version 4.2(3l)
Application Policy Infrastructure Controller
Version 4.2(3n)
Application Policy Infrastructure Controller
Version 4.2(3q)
Application Policy Infrastructure Controller
Version 4.2(4i)
Application Policy Infrastructure Controller
Version 4.2(4k)
Application Policy Infrastructure Controller
Version 4.2(4o)
Application Policy Infrastructure Controller
Version 4.2(4p)
Application Policy Infrastructure Controller
Version 4.2(5k)
Application Policy Infrastructure Controller
Version 4.2(5l)
Application Policy Infrastructure Controller
Version 4.2(5n)
Application Policy Infrastructure Controller
Version 4.2(6d)
Application Policy Infrastructure Controller
Version 4.2(6g)
Application Policy Infrastructure Controller
Version 4.2(6h)
Application Policy Infrastructure Controller
Version 4.2(6l)
Application Policy Infrastructure Controller
Version 4.2(6o)
Application Policy Infrastructure Controller
Version 4.2(7f)
Application Policy Infrastructure Controller
Version 4.2(7l)
Application Policy Infrastructure Controller
Version 4.2(7q)
Application Policy Infrastructure Controller
Version 4.2(7r)
Application Policy Infrastructure Controller
Version 4.2(7s)
Application Policy Infrastructure Controller
Version 4.2(7t)
Application Policy Infrastructure Controller
Version 4.2(7u)
Application Policy Infrastructure Controller
Version 4.2(7v)
Application Policy Infrastructure Controller
Version 4.2(7w)
Application Policy Infrastructure Controller
Version 5.0(1k)
Application Policy Infrastructure Controller
Version 5.0(1l)
Application Policy Infrastructure Controller
Version 5.0(2e)
Application Policy Infrastructure Controller
Version 5.0(2h)
Application Policy Infrastructure Controller
Version 5.1(1h)
Application Policy Infrastructure Controller
Version 5.1(2e)
Application Policy Infrastructure Controller
Version 5.1(3e)
Application Policy Infrastructure Controller
Version 5.1(4c)
Application Policy Infrastructure Controller
Version 5.2(1g)
Application Policy Infrastructure Controller
Version 5.2(2e)
Application Policy Infrastructure Controller
Version 5.2(2f)
Application Policy Infrastructure Controller
Version 5.2(2g)
Application Policy Infrastructure Controller
Version 5.2(2h)
Application Policy Infrastructure Controller
Version 5.2(3e)
Application Policy Infrastructure Controller
Version 5.2(3f)
Application Policy Infrastructure Controller
Version 5.2(3g)
Application Policy Infrastructure Controller
Version 5.2(4d)
Application Policy Infrastructure Controller
Version 5.2(4e)
Application Policy Infrastructure Controller
Version 5.2(4f)
Application Policy Infrastructure Controller
Version 5.2(4h)
Application Policy Infrastructure Controller
Version 5.2(5c)
Application Policy Infrastructure Controller
Version 5.2(5d)
Application Policy Infrastructure Controller
Version 5.2(5e)
Application Policy Infrastructure Controller
Version 5.2(6e)
Application Policy Infrastructure Controller
Version 5.2(6g)
Application Policy Infrastructure Controller
Version 5.2(6h)
Application Policy Infrastructure Controller
Version 5.2(7f)
Application Policy Infrastructure Controller
Version 5.2(7g)
Application Policy Infrastructure Controller
Version 5.2(8d)
Application Policy Infrastructure Controller
Version 5.2(8e)
Application Policy Infrastructure Controller
Version 5.2(8f)
Application Policy Infrastructure Controller
Version 5.2(8g)
Application Policy Infrastructure Controller
Version 5.2(8h)
Application Policy Infrastructure Controller
Version 5.2(8i)
Application Policy Infrastructure Controller
Version 5.3(1d)
Application Policy Infrastructure Controller
Version 5.3(2a)
Application Policy Infrastructure Controller
Version 5.3(2b)
Application Policy Infrastructure Controller
Version 5.3(2c)
Application Policy Infrastructure Controller
Version 5.3(2d)
Application Policy Infrastructure Controller
Version 5.3(2e)
Application Policy Infrastructure Controller
Version 6.0(1g)
Application Policy Infrastructure Controller
Version 6.0(1j)
Application Policy Infrastructure Controller
Version 6.0(2h)
Application Policy Infrastructure Controller
Version 6.0(2j)
Application Policy Infrastructure Controller
Version 6.0(3d)
Application Policy Infrastructure Controller
Version 6.0(3e)
Application Policy Infrastructure Controller
Version 6.0(3g)
Application Policy Infrastructure Controller
Version 6.0(4c)
Application Policy Infrastructure Controller
Version 6.0(5h)
Application Policy Infrastructure Controller
Version 6.0(5j)
Application Policy Infrastructure Controller
Version 6.0(6c)
Application Policy Infrastructure Controller
Version 6.0(7e)
Application Policy Infrastructure Controller
Version 6.0(8d)
Application Policy Infrastructure Controller
Version 6.1(1f)

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (1)

Source: psirt@cisco.com
Vendor Advisory

Timeline

No history available yet.