XSS in Cisco Identity_services_engine
CVE-2013-5541
Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename, aka Bug ID CSCui67495.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.002 (40.1th percentile) — read the EPSS interpretation.
Affected products
- Cisco Identity_services_engine
- Cisco Identity_services_engine_software
- N/a — versions n/a
Weakness classification (CWE)
References
- 20131015 Cisco Identity Services Engine Upload Filename Validation Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)