Cisco Application Policy Infrastructure Controller
cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*
- <= 5.3
- >= 6.0, < 6.0(8e)
- >= 6.1, < 6.1(2f)
A stored cross-site scripting vulnerability has been identified in the web UI of Cisco Application Policy Infrastructure Controller (APIC). This vulnerability allows an authenticated, remote attacker to inject malicious code into specific pages of the web UI. The issue arises from improper input validation, which could enable the execution of arbitrary script code in the context of the web UI or access to sensitive, browser-based information.
Exploitation of this vulnerability could lead to a stored cross-site scripting condition, allowing injected scripts to be executed in the context of the user's session.
Cisco has released software updates to address this vulnerability. Users are advised to upgrade to version 6.0(8e) or 6.1(2f). For versions prior to 6.0, users should migrate to a fixed release.
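To check an inventory of controllers against the affected ranges and fixed releases listed above, the following added example (not Cisco's code and not part of the original advisory) parses APIC version strings of the form `major.minor(buildletter)` and classifies each one. It assumes that "<= 5.3" covers every build of train 5.3 and earlier, that build letters order alphabetically, and it uses constructed host names and versions as sample input.

```python
import re

# First fixed build per release train, taken from the advisory text above.
FIRST_FIXED = {(6, 0): (8, "e"), (6, 1): (2, "f")}
# Assumption: "<= 5.3" means every build of train 5.3 and of all earlier trains.
LAST_UNFIXED_TRAIN = (5, 3)

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\((\d+)([a-z]*)\))?\s*$")


def parse_version(text):
    """Split '6.0(8e)' into ((6, 0), (8, 'e')); build is None for a bare '6.0'."""
    m = _VERSION_RE.match(text.lower())
    if not m:
        raise ValueError(f"unrecognized APIC version string: {text!r}")
    major, minor, maint, letter = m.groups()
    build = (int(maint), letter) if maint is not None else None
    return (int(major), int(minor)), build


def classify(text):
    """Return 'affected', 'fixed', 'unknown' or 'not-listed' for one version."""
    train, build = parse_version(text)
    if train <= LAST_UNFIXED_TRAIN:
        return "affected"          # no fix in these trains: migrate
    if train in FIRST_FIXED:
        if build is None:
            return "unknown"       # train is listed but the build was not reported
        # Assumption: letters compare alphabetically within one maintenance number.
        return "affected" if build < FIRST_FIXED[train] else "fixed"
    return "not-listed"            # train not mentioned in the advisory


def audit(inventory):
    """Map each host to its classification; unparsable versions become 'unknown'."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unknown"
    return report


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {
    "apic-dc1": "5.2(8g)", "apic-dc2": "6.0(8d)", "apic-dc3": "6.0(8e)",
    "apic-lab": "6.1(1h)", "apic-dr": "6.1(2f)", "apic-old": "n/a",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:10} {SAMPLE_INVENTORY[host]:10} {status}")
```

Hosts reported as `unknown` or `not-listed` need a manual check against the vendor advisory rather than being treated as safe.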