How severe is CVE-2023-20257?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.8 out of 10.

What type of vulnerability is CVE-2023-20257?

This is classified as CWE-80, which is a common weakness in software security.

CVE-2023-20257 - MEDIUM Severity | CVSS 4.8

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by submitting malicious input containing script or HTML content within requests that would stored within the application interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks against other users of the affected application.

Related Vulnerabilities

CVE-2017-20098

MEDIUM

CVSS:4.8(Medium)

A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent...

CWE-802017

CVE-2019-18944

MEDIUM

CVSS:4.8(Medium)

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.

CWE-802019

CVE-2020-5267

MEDIUM

CVSS:4.8(Medium)

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be...

CWE-802020

CVE-2021-32719

MEDIUM

CVSS:4.8(Medium)

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` p...

CWE-802021

CVE-2021-39348

MEDIUM

CVSS:4.8(Medium)

The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file ...

CWE-802021

CVE-2022-20765

MEDIUM

CVSS:4.8(Medium)

A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to...

CWE-802022