Cisco Identity Services Engine
cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*
- <= 3.1
- <= 3.2 Patch 7
- <= 3.3 Patch 7
- <= 3.4 Patch 1
A reflected cross-site scripting vulnerability has been identified in the web-based management interface of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). This vulnerability allows an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. The issue arises from insufficient validation of user-supplied input, enabling attackers to inject malicious code into specific pages. Exploitation could result in the execution of arbitrary script code in the context of the affected interface or access to sensitive, browser-based information.
Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.
Cisco has released software updates to address this vulnerability. Instructions for upgrading can be found on the Cisco Identity Services Engine support page.