cisco-sa-epnmpi-sxss-GSScPGY4: Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerabilities
First published: Wed Apr 02 2025(Updated: )
Multiple vulnerabilities in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow a remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected system.For more information about these vulnerabilities, see the Details section of this advisory.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnmpi-sxss-GSScPGY4
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Evolved Programmable Network Manager | ||
| Cisco Prime Infrastructure |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of cisco-sa-epnmpi-sxss-GSScPGY4?
The cisco-sa-epnmpi-sxss-GSScPGY4 vulnerability is classified as a high severity issue due to its potential for allowing stored cross-site scripting attacks.
How do I fix cisco-sa-epnmpi-sxss-GSScPGY4?
To fix the cisco-sa-epnmpi-sxss-GSScPGY4 vulnerability, upgrade to the latest version of Cisco Evolved Programmable Network Manager or Cisco Prime Infrastructure as specified in the security advisory.
What products are affected by cisco-sa-epnmpi-sxss-GSScPGY4?
The cisco-sa-epnmpi-sxss-GSScPGY4 vulnerability affects Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure.
What kind of attacks can be executed through cisco-sa-epnmpi-sxss-GSScPGY4?
The cisco-sa-epnmpi-sxss-GSScPGY4 vulnerability can allow remote attackers to conduct stored cross-site scripting (XSS) attacks.
Is user interaction required to exploit cisco-sa-epnmpi-sxss-GSScPGY4?
Yes, user interaction is required for an attacker to successfully exploit the cisco-sa-epnmpi-sxss-GSScPGY4 vulnerability.
- collector/cisco-recent
- source/Cisco
- agent/weakness
- agent/title
- agent/severity
- agent/last-modified-date
- agent/references
- agent/source
- agent/description
- agent/first-publish-date
- agent/type
- agent/event
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/cisco
- canonical/cisco evolved programmable network manager
- canonical/cisco prime infrastructure