CVE-2020-3591 MEDIUM

CVE-2020-3591: Cisco SD-WAN vManage Cross-Site Scripting Vulnerability

Vendor Cisco
Product Cisco SD-WAN vManage
Weakness CWE-79 · XSS
Published November 6, 2020
Last update November 13, 2024
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

Key dates

02Disclosure timeline

November 6, 2020 CVE published
November 13, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-1500 Royal Elementor Addons and Templates <= 1.3.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via Logo Widget CVE-2023-23971 WordPress WP Time Slots Booking Form Plugin <= 1.1.81 is vulnerable to Cross Site Scripting (XSS) CVE-2024-1030 Cogites eReserv tenancyDetail.php cross site scripting CVE-2025-67932 WordPress Listeo Core plugin < 2.0.19 - Cross Site Scripting (XSS) vulnerability CVE-2025-9992 Ghost Kit <= 3.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting