Cisco Identity Services Engine Cross-Site Scripting Vulnerability

2016-12-07T16:00:00
ID CISCO-SA-20161207-ISE1
Type cisco
Reporter Cisco
Modified 2016-12-06T14:59:34

Description

Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.

The vulnerability is due to insufficient input validation of some parameters passed via HTTP GET or POST methods. An attacker may be able to exploit this vulnerability by intercepting the user packets and injecting the malicious code.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1"]