VDB
CVE-2026-20085
CVE-2026-20085
PUBLISHED
CVSS 6.099999904632568 MEDIUM
A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
EPSS 0.02% · 7.1th percentile
Risk Scores
CVSS 3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.02%
7.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) | 3.2.7, 3.2.6, 3.2.4 |
| Cisco | Cisco Enterprise NFV Infrastructure Software | 4.1.1, 3.9.1, 3.5.2 |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(5.250030), 4.3(2.250022), 4.3(6.250040) |
Exploit Intelligence
- cisco-sa-cimc-xss-A2tkgVAB (circl)
Timeline
- Apr 1, 2026 CVE Published
- Apr 22, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
- May 27, 2026 EPSS Score