A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The attacker must have valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting malicious code into a troubleshooting file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
2019-10-16T19:15:15.347
2024-11-21T04:28:22.150
Modified
CVSSv3.1: 4.8 (MEDIUM)
AV:N/AC:M/Au:S/C:N/I:P/A:N
6.8
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | cisco | identity_services_engine_software | < 2.4\(0.357\) | Yes |
| Application | cisco | identity_services_engine_software | 2.4\(0.357\) | Yes |
| Application | cisco | identity_services_engine_software | 2.4\(0.357\) | Yes |
| Application | cisco | identity_services_engine_software | 2.4\(0.357\) | Yes |
| Application | cisco | identity_services_engine_software | 2.4\(0.357\) | Yes |
| Application | cisco | identity_services_engine_software | 2.4\(0.357\) | Yes |
| Application | cisco | identity_services_engine_software | 2.4\(0.357\) | Yes |
| Application | cisco | identity_services_engine_software | 2.4\(0.357\) | Yes |
| Application | cisco | identity_services_engine_software | 2.4\(0.357\) | Yes |
| Application | cisco | identity_services_engine_software | 2.4\(0.357\) | Yes |
| Application | cisco | identity_services_engine_software | 2.4\(0.357\) | Yes |