CVE-2019-12668— Cisco IOS and IOS XE Software Stored Banner Cross-Site Scripting Vulnerability

EPSS 0.18% · P40 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-12668

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Cisco IOS and IOS XE Software Stored Banner Cross-Site Scripting Vulnerability

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability in the web framework code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected software using the banner parameter. The vulnerability is due to insufficient input validation of the banner parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by crafting a banner parameter and saving it. The attacker could then convince a user of the web interface to access a malicious link or could intercept a user request for the affected web interface and inject malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Cisco IOS和IOS XE 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Cisco IOS和IOS XE都是美国思科（Cisco）公司的一套为其网络设备开发的操作系统。 Cisco IOS和Cisco IOS XE中的Web框架代码存在跨站脚本漏洞，该漏洞源于程序没有进行充分的输入验证。远程攻击者可利用该漏洞在受影响Web界面的上下文中执行任意脚本代码或访问基于浏览器的敏感信息。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Cisco	Cisco IOS XE Software 3.6.0E	unspecified ~ n/a	-

II. Public POCs for CVE-2019-12668

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2019-12668

请登录查看更多情报信息。

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sbxssvendor-advisoryx_refsource_CISCO
https://nvd.nist.gov/vuln/detail/CVE-2019-12668

Same Patch Batch · Cisco · 2019-09-25 · 29 CVEs total

CVE-2019-12709		Cisco IOS XR Software for Cisco ASR 9000 VMAN CLI Privilege Escalation Vulnerability
CVE-2019-12646		Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of
CVE-2019-12650		Cisco IOS XE Software Web UI Command Injection Vulnerabilities
CVE-2019-12649		Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability
CVE-2019-12648		Cisco IOx for IOS Software Guest Operating System Unauthorized Access Vulnerability
CVE-2019-12647		Cisco IOS and IOS XE Software IP Ident Denial of Service Vulnerability
CVE-2019-12651		Cisco IOS XE Software Web UI Command Injection Vulnerabilities
CVE-2019-12653		Cisco IOS XE Software Raw Socket Transport Denial of Service Vulnerability
CVE-2019-12665		Cisco IOS and IOS XE Software HTTP Client Information Disclosure Vulnerability
CVE-2019-12663		Cisco IOS XE Software TrustSec Protected Access Credential Provisioning Denial of Service
CVE-2019-12661		Cisco IOS XE Software Virtualization Manager CLI Command Injection Vulnerability
CVE-2019-12659		Cisco IOS XE Software HTTP Server Denial of Service Vulnerability
CVE-2019-12657		Cisco IOS XE Software Unified Threat Defense Denial of Service Vulnerability
CVE-2019-12655		Cisco IOS XE Software FTP Application Layer Gateway for NAT, NAT64, and ZBFW Denial of Ser
CVE-2019-12672		Cisco IOS XE Software Arbitrary Code Execution Vulnerability
CVE-2019-12671		Cisco IOS XE Software Consent Token Bypass Vulnerability
CVE-2019-12669		Cisco IOS and IOS XE Software Change of Authorization Denial of Service Vulnerability
CVE-2019-12667		Cisco IOS XE Software Stored Cross-Site Scripting Vulnerability
CVE-2019-12658		Cisco IOS XE Software Filesystem Exhaustion Denial of Service Vulnerability
CVE-2019-12656		Cisco IOx Application Environment Denial of Service Vulnerability

Showing top 20 of 29 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: Cisco

Same weakness: CWE-79

V. Comments for CVE-2019-12668

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2019-12668— Cisco IOS and IOS XE Software Stored Banner Cross-Site Scripting Vulnerability

I. Basic Information for CVE-2019-12668

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2019-12668

III. Intelligence Information for CVE-2019-12668

Same Patch Batch · Cisco · 2019-09-25 · 29 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2019-12668

Leave a comment