{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/integrated-management-controller/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":6.1,"id":"CVE-2026-20085"},{"cvss":4.8,"id":"CVE-2026-20087"},{"cvss":4.8,"id":"CVE-2026-20088"},{"cvss":4.8,"id":"CVE-2026-20089"},{"cvss":4.8,"id":"CVE-2026-20090"}],"_cs_exploited":false,"_cs_products":["Integrated Management Controller"],"_cs_severities":["medium"],"_cs_tags":["xss","cisco","cimc","vulnerability"],"_cs_type":"advisory","_cs_vendors":["Cisco"],"content_html":"\u003cp\u003eMultiple cross-site scripting (XSS) vulnerabilities have been identified in the web-based management interface of the Cisco Integrated Management Controller (IMC). Successful exploitation of these vulnerabilities could allow a remote attacker to inject malicious scripts into the web browser of a user accessing the IMC interface. This could lead to session hijacking, sensitive information disclosure, or other malicious activities performed in the context of the user\u0026rsquo;s session. The vulnerabilities were disclosed on 2026-04-22, and Cisco has released software updates to address them. There are no known workarounds. This threat is relevant for organizations using Cisco IMC to manage their infrastructure.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable Cisco IMC web interface.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious URL containing a JavaScript payload designed to execute in the context of a victim\u0026rsquo;s browser session.\u003c/li\u003e\n\u003cli\u003eAttacker delivers the malicious URL to the victim, typically through phishing, social engineering, or by injecting it into a trusted website.\u003c/li\u003e\n\u003cli\u003eVictim clicks on the malicious URL, or the URL is automatically loaded through a compromised website.\u003c/li\u003e\n\u003cli\u003eThe victim\u0026rsquo;s web browser sends an HTTP request to the vulnerable Cisco IMC web server.\u003c/li\u003e\n\u003cli\u003eThe Cisco IMC web server reflects the attacker\u0026rsquo;s malicious JavaScript payload in the HTTP response without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe victim\u0026rsquo;s web browser executes the malicious JavaScript code.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s JavaScript code executes within the victim\u0026rsquo;s browser, allowing the attacker to steal cookies, redirect the user, or perform other actions on behalf of the victim.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these XSS vulnerabilities could allow an attacker to execute arbitrary JavaScript code in the context of a user\u0026rsquo;s session. This could lead to sensitive information disclosure, such as the theft of session cookies, allowing the attacker to hijack the user\u0026rsquo;s session and gain unauthorized access to the Cisco IMC. The attacker could also redirect the user to a malicious website or deface the IMC web interface. While the specific number of vulnerable systems is unknown, organizations using Cisco IMC are potentially at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the software updates released by Cisco to address the vulnerabilities (CVE-2026-20085, CVE-2026-20087, CVE-2026-20088, CVE-2026-20089, CVE-2026-20090).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided below to detect potential exploitation attempts against the Cisco IMC web interface.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious HTTP requests containing potentially malicious JavaScript payloads targeting the Cisco IMC web interface.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-23T12:00:00Z","date_published":"2026-04-23T12:00:00Z","id":"/briefs/2026-04-cisco-imc-xss/","summary":"Multiple cross-site scripting (XSS) vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow a remote attacker to conduct an XSS attack against a user of the interface.","title":"Cisco Integrated Management Controller (IMC) Multiple XSS Vulnerabilities","url":"https://feed.craftedsignal.io/briefs/2026-04-cisco-imc-xss/"}],"language":"en","title":"CraftedSignal Threat Feed — Integrated Management Controller","version":"https://jsonfeed.org/version/1.1"}