Cisco Identity Services Engine Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the web-based management interface of Cisco Identity Services Engine (ISE) versions 3.0, 3.1, 3.2, 3.3, and 3.4. This vulnerability allows an authenticated, remote attacker to inject malicious scripts into specific pages of the interface. The issue arises from inadequate validation of user input, enabling the execution of arbitrary scripts in the context of the affected interface or access to sensitive browser-based information. Exploitation requires valid administrative credentials.

Impact

Successful exploitation lets an attacker execute scripts in the context of the user's session or access sensitive information from the user's browser.

Remediation

Users can upgrade to Cisco ISE versions 3.2P7, 3.3P4, or 3.4P1. For instructions on upgrading, see the Cisco Identity Services Engine upgrade guides.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 1.7
exploitability: 4.1
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.