CVSS: 4.8EPSS: 0%CPEs: 23EXPL: 0CVE-2025-20123 – Cisco Crosswork Network Controller Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2025-20123
08 Jan 2025 — Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by inserting malicious data into specific data fields in the interface. A successful exploit could... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xwork-xss-KCcg7WwU • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •