cisco-sa-ise-xss1-rgxYry2V: Cisco Identity Services Engine Cross-Site Scripting Vulnerabilities
First published: Wed Oct 20 2021(Updated: )
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss1-rgxYry2V
Credit: Rithin Uppal Visa for reporting the vulnerability associated with CVEAlexander Polce Leary AIG for reporting the vulnerability associated with CVE
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Identity Services Engine | >=All versions earlier than 2.4=2.4<=2.6<2.6 P10 | 2.6 P10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- agent/author
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/references
- agent/title
- agent/weakness
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco identity services engine
- version/cisco identity services engine/all versions earlier than 2.4
- version/cisco identity services engine/2.4
- version/cisco identity services engine/2.6