CISCO-CVE-2025-20240

MEDIUM6.1

Cisco IOS XE WLC Software Reflected Cross-Site Scripting Vulnerability

Published Sep 24, 2025

Modified 5 months ago

Affected Packages

Cisco IOS XE

CiscoIOSXE

Affected versions:

16.10.116.10.1a16.10.1b16.10.1c16.10.1d16.10.1e16.10.1f16.10.1g16.10.1s16.10.2+229 more

CVSS Analysis

CVSS v3.1

6.1

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

ChangedS:C

Impact

Confidentiality

LowC:L

Integrity

LowI:L

Availability

NoneA:N

6.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Upstream

Ecosystems

Timeline

PublishedSep 24, 2025

ModifiedSep 26, 2025