CVE-2022-20967: XSS
First published: Wed Jan 18 2023(Updated: )
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of input to an application feature before storage within the web-based management interface. An attacker could exploit this vulnerability by creating entries within the application interface that contain malicious HTML or script code. A successful exploit could allow the attacker to store malicious HTML or script code within the application interface for use in further cross-site scripting attacks. Cisco has not yet released software updates that address this vulnerability.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Identity Services Engine | <2.6.0 | |
| Cisco Identity Services Engine | =2.6.0 | |
| Cisco Identity Services Engine | =2.6.0-patch1 | |
| Cisco Identity Services Engine | =2.6.0-patch10 | |
| Cisco Identity Services Engine | =2.6.0-patch11 | |
| Cisco Identity Services Engine | =2.6.0-patch12 | |
| Cisco Identity Services Engine | =2.6.0-patch2 | |
| Cisco Identity Services Engine | =2.6.0-patch3 | |
| Cisco Identity Services Engine | =2.6.0-patch5 | |
| Cisco Identity Services Engine | =2.6.0-patch6 | |
| Cisco Identity Services Engine | =2.6.0-patch7 | |
| Cisco Identity Services Engine | =2.6.0-patch8 | |
| Cisco Identity Services Engine | =2.6.0-patch9 | |
| Cisco Identity Services Engine | =2.7.0 | |
| Cisco Identity Services Engine | =2.7.0-patch1 | |
| Cisco Identity Services Engine | =2.7.0-patch2 | |
| Cisco Identity Services Engine | =2.7.0-patch3 | |
| Cisco Identity Services Engine | =2.7.0-patch4 | |
| Cisco Identity Services Engine | =2.7.0-patch5 | |
| Cisco Identity Services Engine | =2.7.0-patch6 | |
| Cisco Identity Services Engine | =2.7.0-patch7 | |
| Cisco Identity Services Engine | =3.0.0 | |
| Cisco Identity Services Engine | =3.0.0-patch1 | |
| Cisco Identity Services Engine | =3.0.0-patch2 | |
| Cisco Identity Services Engine | =3.0.0-patch3 | |
| Cisco Identity Services Engine | =3.0.0-patch4 | |
| Cisco Identity Services Engine | =3.0.0-patch5 | |
| Cisco Identity Services Engine | =3.0.0-patch6 | |
| Cisco Identity Services Engine | =3.1 | |
| Cisco Identity Services Engine | =3.1-patch1 | |
| Cisco Identity Services Engine | =3.1-patch3 | |
| Cisco Identity Services Engine | =3.1-patch4 | |
| Cisco Identity Services Engine | =3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-20967.
What is the severity of CVE-2022-20967?
The severity of CVE-2022-20967 is medium.
What is affected by CVE-2022-20967?
Cisco Identity Services Engine versions up to 2.6.0 are affected by CVE-2022-20967.
What is the CWE (Common Weakness Enumeration) ID for CVE-2022-20967?
The CWE ID for CVE-2022-20967 is CWE-79.
How can I fix CVE-2022-20967?
Apply the necessary patches or updates provided by Cisco to fix CVE-2022-20967.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/references
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/author
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/cisco
- canonical/cisco identity services engine
- version/cisco identity services engine/2.6.0
- version/cisco identity services engine/2.6.0-patch1
- version/cisco identity services engine/2.6.0-patch10
- version/cisco identity services engine/2.6.0-patch11
- version/cisco identity services engine/2.6.0-patch12
- version/cisco identity services engine/2.6.0-patch2
- version/cisco identity services engine/2.6.0-patch3
- version/cisco identity services engine/2.6.0-patch5
- version/cisco identity services engine/2.6.0-patch6
- version/cisco identity services engine/2.6.0-patch7
- version/cisco identity services engine/2.6.0-patch8
- version/cisco identity services engine/2.6.0-patch9
- version/cisco identity services engine/2.7.0
- version/cisco identity services engine/2.7.0-patch1
- version/cisco identity services engine/2.7.0-patch2
- version/cisco identity services engine/2.7.0-patch3
- version/cisco identity services engine/2.7.0-patch4
- version/cisco identity services engine/2.7.0-patch5
- version/cisco identity services engine/2.7.0-patch6
- version/cisco identity services engine/2.7.0-patch7
- version/cisco identity services engine/3.0.0
- version/cisco identity services engine/3.0.0-patch1
- version/cisco identity services engine/3.0.0-patch2
- version/cisco identity services engine/3.0.0-patch3
- version/cisco identity services engine/3.0.0-patch4
- version/cisco identity services engine/3.0.0-patch5
- version/cisco identity services engine/3.0.0-patch6
- version/cisco identity services engine/3.1
- version/cisco identity services engine/3.1-patch1
- version/cisco identity services engine/3.1-patch3
- version/cisco identity services engine/3.1-patch4
- version/cisco identity services engine/3.2