Cisco Identity Services Engine Cross-Site Scripting Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code …
- Scope: At the time of publication, this vulnerability affected Cisco ISE and Cisco ISE-PIC, regardless of device configuration.
- Earlier than 3.2 — Migrate to a fixed release
- Release 3.2 (first fixed: 3.2 Patch 8)
- Release 3.3 (first fixed: 3.3 Patch 8)
- Release 3.4 (first fixed: 3.4 Patch 4)
- Release 3.5 (first fixed: Not affected)
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
- 3.2 Patch 8
- 3.3 Patch 8
- 3.4 Patch 4
- Not affected
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Earlier than 3.2: migrate to a fixed release.
- Release 3.2: upgrade to 3.2 Patch 8.
- Release 3.3: upgrade to 3.3 Patch 8.
- Release 3.4: upgrade to 3.4 Patch 4.
- Release 3.5: upgrade to Not affected.
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.