Cross site scripting

2023-01-2007:15:00

PRIOn knowledge base

www.prio-n.com

cross site scripting

cisco identity services engine

web-based management interface

authentication

remote attacker

improper validation

html

script code

software updates

nvd

0.001 Low

EPSS

Percentile

26.0%

JSON

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface.

This vulnerability is due to improper validation of input to an application feature before storage within the web-based management interface. An attacker could exploit this vulnerability by creating entries within the application interface that contain malicious HTML or script code. A successful exploit could allow the attacker to store malicious HTML or script code within the application interface for use in further cross-site scripting attacks.

Cisco has not yet released software updates that address this vulnerability.

CPENameOperatorVersion
identity_services_enginelt2.6.0
identity_services_engineeq2.6.0 patch1
identity_services_engineeq2.6.0 patch2
identity_services_engineeq2.6.0 patch3
identity_services_engineeq2.6.0 patch6
identity_services_engineeq2.6.0 patch5
identity_services_engineeq2.6.0
identity_services_engineeq2.6.0 patch7
identity_services_engineeq2.7.0 patch2
identity_services_engineeq3.0.0

Name	Operator	Version
identity_services_engine	lt	2.6.0
identity_services_engine	eq	2.6.0 patch1
identity_services_engine	eq	2.6.0 patch2
identity_services_engine	eq	2.6.0 patch3
identity_services_engine	eq	2.6.0 patch6
identity_services_engine	eq	2.6.0 patch5
identity_services_engine	eq	2.6.0
identity_services_engine	eq	2.6.0 patch7
identity_services_engine	eq	2.7.0 patch2
identity_services_engine	eq	3.0.0