CVE-2025-20240 | Cisco IOS XE up to 17.16.1a Web UI incomplete denylist to cross-site scripting (cisco-sa-webui-xss-VWyDgjOU)

Inserito da Angelo Barbosa | Set 24, 2025 | CVE

A vulnerability labeled as problematic has been found in Cisco IOS XE. This affects an unknown function of the component Web UI. Executing manipulation can lead to incomplete denylist to cross-site scripting.

This vulnerability is tracked as CVE-2025-20240. The attack can be launched remotely. No exploit exists.

The affected component should be upgraded.

CVE-2025-20240 | Cisco IOS XE up to 17.16.1a Web UI incomplete denylist to cross-site scripting (cisco-sa-webui-xss-VWyDgjOU)

Post correlati

CVE-2024-8548 | cagdasdag KB Support Plugin up to 1.6.6 on WordPress authorization

CVE-2024-36789 | Netgear WNR614/N300 weak password

CVE-2024-9329 | Eclipse Glassfish up to 7.0.16 /management/domain Host parameters

CVE-2024-4400 | BoldGrid Post and Page Builder Plugin up to 1.26.4 on WordPress cross site scripting