VDB
CVE-2026-20088
CVE-2026-20088
PUBLISHED
CVSS 4.800000190734863 MEDIUM
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
EPSS 0.04% · 12.2th percentile
Risk Scores
CVSS 3.1
4.800000190734863
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.04%
12.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Unified Computing System E-Series Software (UCSE) | 2.4.0, 3.2.6, 3.2.4 |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(2n), *, 3.1(3k) |
| Cisco | Cisco Enterprise NFV Infrastructure Software | 4.1.1, 3.5.2, 3.6.2 |
Exploit Intelligence
- cisco-sa-cimc-xss-A2tkgVAB (circl)
Timeline
- Apr 1, 2026 CVE Published
- Apr 22, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
- May 27, 2026 EPSS Score