Medium4.8Cisco Updated
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities
cisco-sa-ise-xss-42tgsdMG Published May 5, 2026Updated by vendor May 5, 2026
CVE-2025-20204CVE-2025-20205
Affected products & platforms
CiscoISEIdentity Services Engine
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.
Affected versions
- Scope: At the time of publication, these vulnerabilities affected Cisco ISE, regardless of device configuration.
- 3.4 and earlier — Migrate to a fixed release
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 3.4 and earlier: migrate to a fixed release.
Temporary workarounds
- There are no workarounds that address these vulnerabilities.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.