CVE-2022-20627 MEDIUM

CVE-2022-20627: Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities

Vendor Cisco
Product Cisco Firepower Management Center
Weakness CWE-79 · XSS
Published May 3, 2022
Last update November 6, 2024
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

Key dates

02Disclosure timeline

May 3, 2022 CVE published
November 6, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-10884 SimpleForm Contact Form Submissions <= 2.1.0 - Reflected Cross-Site Scripting CVE-2024-4668 Gum Elementor Addon <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price Table and Post Slider Widgets CVE-2025-4221 Animated Buttons <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-50464 WordPress Kodex Posts likes plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability CVE-2025-11291 ixmaps website2017 HTTP GET Request map.php cross site scripting