How severe is CVE-2025-20267?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.8 out of 10.

What type of vulnerability is CVE-2025-20267?

This is classified as CWE-80, which is a common weakness in software security.

CVE-2025-20267 - MEDIUM Severity | CVSS 4.8

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials.

Related Vulnerabilities

CVE-2017-20098

MEDIUM

CVSS:4.8(Medium)

A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent...

CWE-802017

CVE-2019-18944

MEDIUM

CVSS:4.8(Medium)

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.

CWE-802019

CVE-2020-5267

MEDIUM

CVSS:4.8(Medium)

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be...

CWE-802020

CVE-2021-32719

MEDIUM

CVSS:4.8(Medium)

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` p...

CWE-802021

CVE-2021-39348

MEDIUM

CVSS:4.8(Medium)

The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file ...

CWE-802021

CVE-2022-20765

MEDIUM

CVSS:4.8(Medium)

A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to...

CWE-802022