CVE-2020-16847
Description
Unauthenticated reflected XSS in Extreme Analytics allows arbitrary script execution via a GET parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Extreme Analytics in Extreme Management Center versions before 8.5.0.169 is vulnerable to unauthenticated reflected cross-site scripting (XSS) due to insufficient sanitization of a parameter in a GET request [1]. The vulnerability is identified as CFD-4887.
Exploitation
An attacker sends a crafted GET request to the vulnerable endpoint containing a malicious script in the parameter. No authentication is required. The victim must be tricked into clicking the crafted link or visiting a page containing the link, causing the script to execute in the victim's browser within the context of the Extreme Analytics web interface.
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the victim's browser. This can lead to theft of session cookies, web page defacement, or other actions performed on behalf of the authenticated victim within the Extreme Management Center context.
Mitigation
The vulnerability is fixed in Extreme Management Center version 8.5.0.169 [1]. Users should upgrade to this version or later immediately. If upgrade is not possible, restrict access to the vulnerable interface or apply web application firewall rules to filter malicious inputs.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (3)
- Extreme Analytics/Extreme Management Center (description)
- Range: <8.5.0.169
- Range: <8.5.0.169
Patches
No patches discovered yet.
References (2)
- documentation.extremenetworks.com/release_notes/netsight/XMC_8.5.0_Release_Notes.pdf (mitre, x_refsource_MISC)
- gtacknowledge.extremenetworks.com/articles/Solution/000051136 (mitre, x_refsource_MISC)