CVE-2025-20216 – Cisco Catalyst SD-WAN Manager Cross-Site Scripting (XSS)

May 7, 2025

CVE ID : CVE-2025-20216

Published : May 7, 2025, 6:15 p.m. | 1 hour, 20 minutes ago

Description : A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the browser of an authenticated user.

This vulnerability is due to improper sanitization of input to the web interface. An attacker could exploit this vulnerability by convincing an authenticated user to click a malicious link. A successful exploit could allow the attacker to inject HTML into the browser of an authenticated Cisco Catalyst SD-WAN Manager user.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-20202 – Cisco IOS XE Wireless Controller Software CDP Neighbor Report Denial of Service Vulnerability

Next Article CVE-2025-20200 – Cisco IOS XE Software CLI Privilege Escalation Vulnerability

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

I flew Insta360’s new ‘Antigravity’ drone around Los Angeles, and it was impossible to miss a shot

The $100 open-ear headphones that made me forget about my Shokz

5 quick and simple ways to greatly improve the quality of your headphones

Installing a UPS battery backup saved my work PC – here’s the full story

Maintaining Data Consistency with Laravel Database Transactions

Maintaining Data Consistency with Laravel Database Transactions

Building a Multi-Step Form With Laravel, Livewire, and MongoDB

Inertia Releases a New Form Component

Google’s Gemini AI had a full-on meltdown while coding — calling itself a fool, a disgrace, and begging for freedom from its own loop

Google’s Gemini AI had a full-on meltdown while coding — calling itself a fool, a disgrace, and begging for freedom from its own loop

Take-Two hints at $100 price tag for Grand Theft Auto VI — will it deliver on value?

ChatGPT Go offers GPT-5, image creation, and longer memory — all for $5 (if you’re lucky enough to live where it’s available)

CVE-2025-20216 – Cisco Catalyst SD-WAN Manager Cross-Site Scripting (XSS)

Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution

Zero Trust + AI: Privacy in the Age of Agentic AI

Momento Migrates Object Cache as a Service to Ampere Altra

Google pulls the plug on your old Nest – but you get nearly 50% off a new thermostat

CVE-2025-48391 – JetBrains YouTrack Unauthenticated Issue Deletion Vulnerability

US and China agree to pause most tariffs for 90 days — how will this affect tech prices?

CVE-2025-21468 – Cisco Firewall Memory Corruption Buffer Overflow

CVE-2024-12915 – Devinim Software Library Cross-site Scripting (XSS)

CVE-2025-6805 – Marvell QConvergeConsole Directory Traversal Vulnerability

New Relic’s GitHub Copilot integration, Snyk’s AI Trust Platform, and DataRobot’s syftr framework – SD Times Daily Digest

CVE-2025-20216 – Cisco Catalyst SD-WAN Manager Cross-Site Scripting (XSS)

Related Posts