Cisco Identity Services Engine
cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*
- <= 3.1
- <= 3.2
- <= 3.3
- <= 3.4
A reflected cross-site scripting vulnerability has been identified in the web-based management interface of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). This vulnerability allows an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. The issue arises from insufficient validation of user-supplied input, enabling attackers to inject malicious code into specific pages. Exploitation could result in the execution of arbitrary scripts in the context of the affected interface or access to sensitive browser-based information.
Successful exploitation allows for reflected cross-site scripting, where an attacker can inject and execute malicious scripts in the context of the user's browser session.
Cisco has released software updates to address this vulnerability. Instructions for upgrading can be found on the Cisco Identity Services Engine support page.