Volerion logoVolerion
Volerion logoVolerion

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in the web-based management interface of Cisco Identity Services Engine (ISE). This issue allows authenticated, remote attackers to inject malicious scripts into specific pages of the interface. The vulnerability arises from inadequate validation of user input, enabling attackers to execute arbitrary scripts in the context of the affected interface or access sensitive browser-based information. Exploitation requires valid administrative credentials.

Impact

Successful exploitation allows for cross-site scripting attacks, where an attacker can inject and execute malicious scripts in the context of the user's session.

Remediation

Cisco has released software updates to address this vulnerability. Instructions for upgrading can be found in the Cisco Identity Services Engine Upgrade Guides. Users should consult the Cisco Security Advisories page for information on fixed releases.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
4.5
impact
2.3
exploitability
4.1
remediation
7.7
relevance
0.0
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.