Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities — CISCO-SA-ISE-XSS-42TGSDMG
Cisco · Cisco · CISCO-SA-ISE-XSS-42TGSDMG
ID
CISCO-SA-ISE-XSS-42TGSDMG
CISCO-SA-ISE-XSS-42TGSDMG
Date
Activity
Source
Cisco
Cisco
Vendor
Cisco
Cisco
Threat
medium
medium
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit these…
Product
Cisco Identity Services Engine Stored Cross-Site Scripting
What to do
General, cautious steps (verify details in the official source):
- Review exposure and plan remediation based on risk and environment.
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as available.
- Read the official advisory for exact affected versions and remediation steps.