First published: Wed Mar 05 2025(Updated: )
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Credit: psirt@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco TelePresence Management Suite | ||
Cisco TelePresence Management Suite | =15.13.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-20208 has been rated as a medium severity vulnerability due to its potential for cross-site scripting attacks.
To address CVE-2025-20208, users should upgrade to the latest version of Cisco TelePresence Management Suite that includes the security patch.
CVE-2025-20208 affects users of the Cisco TelePresence Management Suite where the web-based management interface is utilized.
CVE-2025-20208 allows an attacker to perform a cross-site scripting (XSS) attack against users of the management interface.
No, CVE-2025-20208 can be exploited by low-privileged, remote attackers without requiring authentication to the web-based management interface.