XSS in Cisco Identity_services_engine_software
CVE-2014-0681
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled duri…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.007 (72.6th percentile) — read the EPSS interpretation.
Affected products
- Cisco Identity_services_engine_software
- N/a — versions n/a
Weakness classification (CWE)
References
- 20140128 Cisco Identity Services Engine Reports Output Cross-Site Scripting Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- 102589 (x_refsource_OSVDB, vdb-entry, Broken Link)
- 1029699 (vdb-entry, x_refsource_SECTRACK)
- 56714 (Permissions Required, x_refsource_SECUNIA, third-party-advisory)
- psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
- 65183 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)