Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities — CISCO-SA-ISEXSS-BS8CTE7U
Cisco · Cisco · CISCO-SA-ISEXSS-BS8CTE7U
ID
CISCO-SA-ISEXSS-BS8CTE7U
CISCO-SA-ISEXSS-BS8CTE7U
Date
Activity
Source
Cisco
Cisco
Vendor
Cisco
Cisco
Threat
medium
medium
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based management interface of an affected device. These vulnerabilities are due to insufficient sanitization of…
Product
Cisco Identity Services Engine Multiple Cross-Site Scripting
What to do
General, cautious steps (verify details in the official source):
- Review exposure and plan remediation based on risk and environment.
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as available.
- Read the official advisory for exact affected versions and remediation steps.