Description
A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials.
Published: 2026-03-25
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stored Cross‑Site Scripting
Action: Patch Immediately
AI Analysis

Impact

The vulnerability allows an authenticated remote attacker to store malicious script within the Cisco IOS XE web‑based IOx management interface. The injected code runs in the context of the victim’s browser session, allowing the attacker to hijack the session, exfiltrate confidential information, or otherwise interfere with the interface’s operation. This stored XSS results from insufficient validation of user input submitted to specific pages of the interface.

Affected Systems

Cisco IOS XE Software, specifically the web‑based IOx application hosting environment management interface. No specific minor versions were listed, so all releases that include the affected interface are potentially vulnerable.

Risk and Exploitability

The CVSS score of 4.8 indicates a medium severity, and the vulnerability is not listed in the KEV catalog. Because exploitation requires valid administrative credentials, the attack surface is limited to users who can authenticate to the device’s web interface. The remote nature of the interface and lack of additional safeguards mean that once authenticated, an attacker can inject code easily; however, the absence of an EPSS score suggests limited known exploitation activity. Overall, the risk remains moderate, with likely exploitability for attackers who have compromised credentials or otherwise obtained privileged access.

Generated by OpenCVE AI on March 25, 2026 at 19:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Cisco IOS XE Software patch or upgrade from Cisco’s official website.
  • Restrict access to the web‑based IOx interface by limiting connections to trusted IP ranges or requiring multi‑factor authentication.
  • Deploy a web application firewall to detect and block cross‑site scripting payloads targeting the management interface.
  • Monitor web‑interface logs for abnormal input attempts or script injections and investigate promptly.


Advisories

No advisories yet.

History

Fri, 27 Mar 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Thu, 26 Mar 2026 12:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Cisco; Cisco ios Xe Software |
| Vendors & Products | | Cisco; Cisco ios Xe Software |

Wed, 25 Mar 2026 22:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Stored Cross‑Site Scripting in Cisco IOS XE Web Interface |

Wed, 25 Mar 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials. |
| Weaknesses | | CWE-79 |
| References | | |
| Metrics | | cvssV3_1: {'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N'} |


MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-27T15:03:45.741Z

Reserved: 2025-10-08T11:59:15.375Z

Link: CVE-2026-20112

Vulnrichment

Updated: 2026-03-27T15:03:41.931Z

NVD

Status: Awaiting Analysis

Published: 2026-03-25T16:16:15.140

Modified: 2026-03-26T15:13:15.790

Link: CVE-2026-20112

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-26T11:42:39Z