A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest Portal. More Information: CSCvd74794. Known Affected Releases: 1.3(0.909) 2.1(0.800).
2017-07-10T20:29:00.750
2025-04-20T01:37:25.860
Deferred
CVSSv3.0: 5.4 (MEDIUM)
AV:N/AC:M/Au:S/C:N/I:P/A:N
6.8
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | cisco | identity_services_engine | 1.3\(0.722\) | Yes |
| Application | cisco | identity_services_engine | 1.3\(0.876\) | Yes |
| Application | cisco | identity_services_engine | 1.3\(0.909\) | Yes |
| Application | cisco | identity_services_engine | 1.3\(106.146\) | Yes |
| Application | cisco | identity_services_engine | 1.3\(120.135\) | Yes |
| Application | cisco | identity_services_engine | 2.1\(0.474\) | Yes |
| Application | cisco | identity_services_engine | 2.1\(0.800\) | Yes |
| Application | cisco | identity_services_engine | 2.1\(102.101\) | Yes |
| Application | cisco | identity_services_engine | 2.1_base | Yes |