CISCO-SA-VMANAGE-XSS-XHN8M5JT
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack on an affected system. This vulnerability is due to improper sanitization of user input to the web-based management interface. An attacker could exploit this vulnerability by submitting a malicious script through the interface. A successful exploit could allow the attacker to conduct a stored XSS attack on the affected system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager | |
Timeline
- May 7, 2025: CVE Published
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-xss-xhN8M5jt (advisory)
- https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html (url)
- https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes (url)
- https://www.cisco.com/go/psirt (url)
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-priviesc-WCk7bmmt (url)
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanarbfile-2zKhKZwJ (url)
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catalyst-tls-PqnD5KEJ (url)
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-fileoverwrite-Uc9tXWH (url)
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-inj-GxVtK6zj (url)
- https://www.cisco.com/c/en/us/products/routers/sd-wan/eos-eol-notice-listing.html (url)
- https://www.cisco.com/c/en/us/td/docs/routers/sdwan/release/notes/compatibility-and-server-recommendations.html (url)
- http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html (url)
- https://software.cisco.com (fix)