A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system.
The vulnerability is due to insufficient input validation and output-encoding parameters for data that is passed between an affected client and server. An attacker could exploit this vulnerability by intercepting targeted user packets and injecting malicious code into the targeted traffic stream. A successful exploit could allow the attacker to inject script code into the HTTP flow between the targeted user and the affected system.
For additional information about cross-site scripting attacks and the methods used to exploit these vulnerabilities, see the Cisco Applied Mitigation Bulletin Understanding Cross-Site Scripting (XSS) Threat Vectors and the OWASP reference page Cross-site Scripting (XSS).
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
http://ift.tt/2tpPvKP A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system.
The vulnerability is due to insufficient input validation and output-encoding parameters for data that is passed between an affected client and server. An attacker could exploit this vulnerability by intercepting targeted user packets and injecting malicious code into the targeted traffic stream. A successful exploit could allow the attacker to inject script code into the HTTP flow between the targeted user and the affected system.
For additional information about cross-site scripting attacks and the methods used to exploit these vulnerabilities, see the Cisco Applied Mitigation Bulletin Understanding Cross-Site Scripting (XSS) Threat Vectors and the OWASP reference page Cross-site Scripting (XSS).
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
http://ift.tt/2tpPvKP
Security Impact Rating: Medium
CVE: CVE-2017-6733
from Cisco Security Advisory http://ift.tt/2tpPvKP
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.