Cisco warns of stored XSS flaws in Identity Services Engine web management interface
Cisco's May 5 PSIRT advisory discloses multiple stored cross-site scripting vulnerabilities in the web-based management interface of Identity Services Engine (ISE).
At a glance
- Multiple stored XSS vulnerabilities affect the web-based management interface of Cisco ISE
- Exploitation requires an authenticated remote attacker and stems from insufficient input validation, per Cisco
VERDICT — CONFIRMED
Cisco's May 5 PSIRT advisory discloses multiple stored cross-site scripting vulnerabilities in the web-based management interface of Identity Services Engine (ISE). Per the advisory, the flaws stem from insufficient validation of user-supplied input: an authenticated remote attacker could inject malicious code into specific interface pages, executing arbitrary script in the context of the interface or accessing sensitive browser-based information. Exploitation requires valid credentials to the affected interface.
Key facts on file
- Multiple stored XSS vulnerabilities affect the web-based management interface of Cisco ISE
- Exploitation requires an authenticated remote attacker and stems from insufficient input validation, per Cisco
