CVE-2026-20075
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
15/01/2026
Last modified:
30/01/2026
Description
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system.<br />
<br />
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials.
Impact
Base Score 3.x
4.80
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:* | 7.0 (including) | |
| cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:* | 7.1.0 (including) | 7.1.4.1 (excluding) |
| cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:* | 8.1.0 (including) | 8.1.2.1 (including) |
| cpe:2.3:a:cisco:evolved_programmable_network_manager:8.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:* | 3.9 (including) | |
| cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:* | 3.10.0 (including) | 3.10.6 (including) |
To consult the complete list of CPE names with products and versions, see this page