Volerion logoVolerion
Volerion logoVolerion

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in the web-based management interface of Cisco Identity Services Engine (ISE). This issue allows authenticated, remote attackers to inject malicious scripts into specific pages of the interface. The vulnerability arises from inadequate validation of user input, enabling attackers to execute arbitrary scripts in the context of the affected interface or access sensitive browser-based information. Exploitation requires valid administrative credentials.

Impact

Successful exploitation allows for stored cross-site scripting, where injected scripts are executed in the context of the user interface, potentially leading to unauthorized access to sensitive information or execution of malicious actions.

Remediation

Users can upgrade to Cisco ISE version 3.2 Patch 8, 3.3 Patch 5, or 3.4 Patch 1. For instructions on upgrading, see the Cisco Identity Services Engine support page.

Added: Jan 15, 2026, 5:23 PM
Updated: Jan 15, 2026, 5:23 PM

Vulnerability Rating

Custom Algorithm
spread
2.6
impact
1.7
exploitability
4.1
remediation
0.0
relevance
2.1
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.