CVE-2020-3113 MEDIUM

CVE-2020-3113: Cisco Data Center Network Manager Stored Cross-Site Scripting Vulnerability

Vendor Cisco
Product Cisco Data Center Network Manager
Weakness CWE-79 · XSS
Published February 19, 2020
Last update November 15, 2024
View on NVD All CVEs

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

Key dates

02Disclosure timeline

February 19, 2020 CVE published
November 15, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-67960 WordPress WorkScout-Core plugin <= 1.7.06 - Cross Site Scripting (XSS) vulnerability CVE-2024-4626 JetWidgets For Elementor <= 1.0.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_type and id Parameters CVE-2021-24736 Shared Files < 1.6.57 - Admin+ Stored Cross-Site Scripting CVE-2023-28313 Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability CVE-2024-2793 Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.30 - Unauthenticated Stored Cross-Site Scripting