XSS in Cisco Identity_services_engine_software
CVE-2014-8022
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSCur69835 and CSCur69776.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (53.1th percentile) — read the EPSS interpretation.
Affected products
- Cisco Identity_services_engine_software
- N/a — versions n/a
Weakness classification (CWE)
References
- cisco-ises-cve20148022-xss(100664) (vdb-entry, x_refsource_XF)
- 1031560 (vdb-entry, x_refsource_SECTRACK)
- 20150115 Cisco Identity Services Engine Cross-Site Scripting Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- 20150128 Cisco Identity Services Engine Cross-Site Scripting Vulnerability (x_refsource_CISCO, vendor-advisory)
- 72083 (vdb-entry, x_refsource_BID)