🚨 SEVERITY: MEDIUM — CVSS 5.4 Security Advisory

TL;DR 📌

Cisco Cyber Vision Center has multiple stored cross-site scripting (XSS) vulnerabilities that could allow authenticated remote attackers to execute arbitrary scripts. The highest CVSS score for these vulnerabilities is 5.4, categorized as Medium severity. There are no workarounds available, and users are advised to upgrade to fixed software releases.

What happened 🕵️‍♂️

Multiple vulnerabilities have been identified in the web-based management interface of Cisco Cyber Vision Center. They arise from insufficient validation of user-supplied input, which lets an authenticated attacker conduct stored XSS attacks against users of the interface. Successful exploitation could allow the attacker to execute arbitrary scripts or access sensitive browser-based information. The access required differs per vulnerability: exploitation of CVE-2025-20356 requires administrative access to the Sensor Explorer page, while CVE-2025-20357 requires access to the Reports page.