XSS in Cisco Identity_services_engine_software
CVE-2015-4268
Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin UI in Cisco Identity Services Engine (ISE) 1.2(1.198) and 1.3(0.876) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) G…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (49.9th percentile) — read the EPSS interpretation.
Affected products
- Cisco Identity_services_engine_software — versions 1.2\(1.198\), 1.3\(0.876\)
- N/a — versions n/a
Weakness classification (CWE)
References
- 20150713 Cisco Identity Services Engine Cross-Site Scripting Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- 1032889 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)