VYPR
Unrated severity · NVD Advisory · Published Aug 26, 2020 · Updated Nov 13, 2024

Cisco DNA Center Cross-Site Scripting Vulnerabilities

CVE-2020-3466

Description

Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerabilities exist because the web-based management interface on an affected device does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cisco DNA Center is affected by multiple XSS vulnerabilities in its web-based management interface; an attacker who gets a logged-in user of the interface to open a crafted link can run arbitrary script code in that user's browser, in the context of the interface.

Vulnerability

Cisco DNA Center software (all releases listed as affected at the time of publication) contains multiple cross-site scripting (XSS) vulnerabilities in its web-based management interface [1]. The interface does not properly validate user-supplied input before rendering it, so attacker-controlled content is emitted into the page as markup rather than as inert text, allowing injection of arbitrary script code [1]. The three XSS vulnerabilities have different preconditions: two require valid administrative credentials, while the third requires the attacker to control a device managed by a vulnerable Cisco DNA Center instance [1].

Exploitation

The attack vector is a crafted link: the attacker persuades a user of the interface to open it, and the interface renders the attacker-controlled input it carries [1]. The NVD summary classes the attacker as unauthenticated and remote, meaning no DNA Center credentials are needed to deliver the link to a victim, but the advisory's preconditions still apply: two of the three vulnerabilities require valid administrative credentials, and the third requires the attacker to first gain control of a device managed by the Cisco DNA Center instance, which implies the payload reaches the interface through data that the managed device supplies [1].

Impact

Successful exploitation allows the attacker to execute arbitrary script code in the victim's browser in the context of the affected interface, or to access sensitive, browser-based information [1]. Because the victim is a logged-in user of the management interface, often an administrator, this can lead to disclosure of sensitive data, session hijacking, or actions taken in the victim's authenticated session.

Mitigation

As of the advisory publication date (August 26, 2020), there are no workarounds that address these vulnerabilities [1]. The Cisco Security Advisory is the authoritative source for the affected and fixed releases; affected customers should consult it and upgrade to a fixed release when one is listed for their deployment [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 1

News mentions: 0 (no linked articles in our index yet)