CVE-2023-20060
📋 TL;DR
This vulnerability allows unauthenticated remote attackers to conduct cross-site scripting (XSS) attacks against users of Cisco Prime Collaboration Deployment's web management interface. Attackers can trick users into clicking malicious links to execute arbitrary JavaScript in the context of the interface, potentially stealing session cookies or performing actions as the victim. All users of affected Cisco Prime Collaboration Deployment versions are vulnerable.
💻 Affected Systems
- Cisco Prime Collaboration Deployment
⚠️ Risk & Real-World Impact
Worst Case
Attacker steals administrator session cookies, gains full administrative access to the deployment system, and potentially compromises the entire collaboration infrastructure.
Likely Case
Attacker steals user session data, performs limited unauthorized actions within the web interface, or captures sensitive information displayed in the browser.
If Mitigated
With proper network segmentation and access controls, impact is limited to the web interface itself without lateral movement to backend systems.
🎯 Exploit Status
Exploitation requires social engineering to trick users into clicking malicious links
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Cisco advisory for specific fixed versions
Vendor Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pcd-xss-jDXpjm7
Restart Required: Yes
Instructions:
1. Review Cisco advisory for compatible fixed version.
2. Backup current configuration.
3. Download and install the update from Cisco's software download portal.
4. Restart the Prime Collaboration Deployment service.
🧯 If You Can't Patch
- Restrict network access to the web interface using firewall rules to only trusted IP addresses
- Implement web application firewall (WAF) rules to block XSS payloads
🔍 How to Verify
Check if Vulnerable:
Check current version via web interface admin panel or CLI, compare against Cisco advisory
Check Version:
Check via web interface: Admin > System > About, or via CLI: show version
Verify Fix Applied:
Verify installed version matches or exceeds the fixed version listed in Cisco advisory
📡 Detection & Monitoring
Log Indicators:
- Unusual JavaScript execution in web interface logs
- Multiple failed login attempts followed by successful login from different IP
Network Indicators:
- HTTP requests containing suspicious script tags or JavaScript payloads to the management interface
SIEM Query:
web.url:*cisco-prime* AND (web.query:*<script* OR web.query:*javascript:* OR web.query:*onclick=*)
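
The SIEM query above matches raw substrings, so percent-encoded or double-encoded payloads in the query string will not trigger it. The following added example (not from Cisco or from the original page) decodes each query string before applying the same three markers; the access-log format, IP addresses and the `/example/page` path are constructed assumptions, not real product paths.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# The three markers from the SIEM query above, matched case-insensitively.
MARKERS = re.compile(r"<script|javascript:|onclick=", re.IGNORECASE)
# Assumed Apache/nginx-style access log: client IP first, quoted request line.
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_hits(lines, decode=True):
    """Return (client_ip, marker, query) for each request whose query matches."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target = m.groups()
        query = urlsplit(target).query
        if decode:
            query = fully_decode(query)
        found = MARKERS.search(query)
        if found:
            hits.append((client, found.group(0).lower(), query))
    return hits

# Constructed sample log lines (documentation IPs, placeholder path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /example/page?name=alice HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /example/page?q=<script>alert(1)</script> HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /example/page?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512',
    '198.51.100.8 - - [01/Jan/2024:10:00:12 +0000] "GET /example/page?q=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:20 +0000] "GET /example/page?next=JavaScript%3Aalert(1) HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for client, marker, query in find_hits(SAMPLE_LOG):
        print(f"{client}\t{marker}\t{query}")
    print("raw-substring matches only:", len(find_hits(SAMPLE_LOG, decode=False)))
```

On the constructed sample, decoding first flags four requests while raw substring matching flags only one.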