Wednesday, December 7, 2016

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.

The vulnerability is due to insufficient input validation of some parameters passed via HTTP GET or POST methods. An attacker may be able to exploit this vulnerability by intercepting the user packets and injecting the malicious code.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2hgWqTt Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.

The vulnerability is due to insufficient input validation of some parameters passed via HTTP GET or POST methods. An attacker may be able to exploit this vulnerability by intercepting the user packets and injecting the malicious code.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2hgWqTt
Security Impact Rating: Medium
CVE: CVE-2016-9214

from Cisco Security Advisory http://ift.tt/2hgWqTt
Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)