CVE-2020-3406 MEDIUM

CVE-2020-3406: Cisco SD-WAN vManage Software Cross-Site Scripting Vulnerability

Vendor Cisco
Product Cisco SD-WAN vManage
Weakness CWE-79 · XSS
Published July 16, 2020
Last update November 13, 2024
View on NVD All CVEs

CVSS base score

6.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

Key dates

02Disclosure timeline

July 16, 2020 CVE published
November 13, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-2888 WordPress Post and Page Builder by BoldGrid plugin <= 1.26.2 - Cross Site Scripting (XSS) vulnerability CVE-2024-3645 Essential Addons for Elementor Pro <= 5.8.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_html_tag' CVE-2024-4615 Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Horizontal Nav Menu Widget CVE-2025-22586 WordPress WPEX Replace DB Urls Plugin <= 0.4.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-52707 WordPress Firelight Lightbox plugin <= 2.3.16 - Cross Site Scripting (XSS) Vulnerability