Lucene search

China National Vulnerability DatabaseCNVD-2023-93326

HistoryNov 24, 2023 - 12:00 a.m.

Cisco Identity Services Engine Cross-Site Scripting Vulnerability (CNVD-2023-93326)

2023-11-2400:00:00

China National Vulnerability Database

www.cnvd.org.cn

cisco

identity services engine

cross-site scripting

vulnerability

web-based management

network security

user data

exploitation

html.

6.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.0%

JSON

Cisco Identity Services Engine (ISE) is an environment-aware platform (ISE Identity Services Engine) from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. The Cisco Identity Services Engine suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the web-based management interface, which can be exploited by an attacker to execute arbitrary web script or HTML by injecting a carefully crafted payload.

CPENameOperatorVersion
cisco cisco identity services engineeq3.0
cisco cisco identity services engineeq3.1

CPE	Name	Operator	Version
	cisco cisco identity services engine	eq	3.0
	cisco cisco identity services engine	eq	3.1