Cisco ISE and ISE-PIC Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in the web-based management interface of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). This vulnerability allows an authenticated, remote attacker to inject malicious code into specific pages of the interface, which could then be executed in the context of the affected user. The vulnerability arises from insufficient validation of user-supplied input, and exploitation requires at least a low-privileged account on the affected device.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user interface.

Remediation

Cisco has released software updates to address this vulnerability. Instructions for upgrading can be found on the Cisco Identity Services Engine support page.

Added: Aug 6, 2025, 5:26 PM
Updated: Aug 6, 2025, 5:26 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 2.3
exploitability: 4.6
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.