1688 matches found
CVE-2026-20076 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to...
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...
PT-2026-3069
Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC affected versions not specified Description A flaw exists in the web-based management interface of Cisco Identity Services Engine ISE and Cisco ISE Passive...
Cisco Identity Services Engine and Cisco ISE Passive Identity Connector security vulnerabilities
Cisco Identity Services Engine Cisco ISE and Cisco ISE Passive Identity Connector are both products of the American company Cisco. Cisco Identity Services Engine is an Identity Services Engine ISE platform. This platform collects real-time information from networks, users, and devices, and develo...
Cisco Identity Services Engine (cisco-sa-ise-xss-9TDh2kx)
According to its self-reported version, Cisco ISE is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the...
Cisco Identity Services Engine (cisco-sa-ise-xss-964cdxW5)
According to its self-reported version, Cisco ISE is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to conduct cross- site...
The vulnerability of the Cisco Identity Services Engine (ISE) policy management platform and the Cisco ISE Passive Identity Connector (ISE-PIC) virtual authentication data collection device lies in the improper limitation on XML links to external objects. This allows attackers to load arbitrary files.
The vulnerability of the Cisco Identity Services Engine ISE policy management platform and the Cisco ISE Passive Identity Connector ISE-PIC virtual authentication data collection device is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability coul...
CVE-2026-20029
A vulnerability in the licensing features of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of X...
Cisco Identity Services Engine getSpecificPLRfromAuthCode XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Identity Services Engine. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the getSpecificPLRfromAuthCode method. Due to t...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) and the Cisco ISE Passive Identity Connector (ISE-PIC), a virtual device for collecting user authentication data, allows attackers to carry out XSS attacks.
The vulnerability of the Cisco Identity Services Engine ISE web interface and the Cisco ISE Passive Identity Connector ISE-PIC virtual authentication data collection device is related to the lack of security measures for the web page structure. Exploiting this vulnerability allows a malicious act...
Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release
Cisco has released updates to address a medium-severity security flaw in Identity Services Engine ISE and ISE Passive Identity Connector ISE-PIC with a public proof-of-concept PoC exploit. The vulnerability, tracked as CVE-2026-20029 CVSS score: 4.9, resides in the licensing feature and could all...
CVE-2026-20029 Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability
A vulnerability in the licensing features of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of X...
CVE-2026-20029 Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability
A vulnerability in the licensing features of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of X...
CVE-2026-20029
Cisco ISE and ISE-PIC are affected by an XML External Entity (XXE) processing vulnerability in the licensing feature. An authenticated attacker with administrative privileges can upload a malicious file via the web-based management interface and read arbitrary files from the underlying OS (potent...
Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability
A vulnerability in the licensing features of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of X...
PT-2026-2048
Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine versions prior to 3.2 Patch 8 Cisco ISE Passive Identity Connector versions prior to 3.2 Patch 8 Cisco Identity Services Engine versions prior to 3.3 Patch 8 Cisco ISE Passive Identity Connector versions prior to...
Cisco Identity Services Engine(Cisco ISE)和Cisco ISE Passive Identity Connector 代码问题漏洞
The Cisco Identity Services Engine Cisco ISE and Cisco ISE Passive Identity Connector are both products of Cisco, Inc.The Cisco Identity Services Engine is an environment-aware platform ISE Cisco Identity Services Engine is an environment-aware platform ISE. The platform oversees the network by...
Cisco Identity Services Engine (cisco-sa-ise-xxe-jWSbSDKt)
According to its self-reported version, Cisco ISE is affected by a vulnerability. - A vulnerability in the licensing features ofCisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker with administrative privileges to gain...
📄 Cisco ISE API 3.2 Command Injection
Proof of concept exploit for a command injection vulnerability in Cisco ISE API version 3.2. ============================================================================================================================================= | Title : Cisco ISE API 3.2 command injection Exploits | |...