Volerion logoVolerion
Volerion logoVolerion

Cisco Crosswork Network Controller Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in the web-based management interface of Cisco Crosswork Network Controller. This vulnerability allows an authenticated, remote attacker to inject malicious scripts that could be executed in the context of the user's browser session. The issue arises because the interface fails to properly validate user input, enabling attackers with administrative credentials to exploit it by inserting harmful data into specific fields. There are no available workarounds, but Cisco has released software updates to address this vulnerability.

Impact

Exploitation of this vulnerability allows for cross-site scripting attacks, where an attacker can execute arbitrary scripts in the context of the affected user's session or access sensitive browser-based information.

Remediation

Users can upgrade to Cisco Crosswork Network Controller versions 5.0.4, 6.0.3, or 7.0.1, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
1.4
impact
4.2
exploitability
4.1
remediation
7.7
relevance
0.0
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.