Medium4.8Cisco Updated
Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities
cisco-sa-isexss-BS8ctE7U Published Apr 15, 2026Updated by vendor Apr 15, 2026
CVE-2026-20132
Affected products & platforms
CiscoISEIdentity Services Engine
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based management interface of an affected device.
Affected versions
- Scope: These vulnerabilities affect Cisco ISE, regardless of device configuration.
- 3.1 and earlier — Migrate to a fixed release
- Release 3.2 (first fixed: 3.2 Patch 8)
- Release 3.3 (first fixed: 3.3 Patch 5)
- Release 3.4 (first fixed: 3.4 Patch 2)
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Fixed versions
- 3.2 Patch 8
- 3.3 Patch 5
- 3.4 Patch 2
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 3.1 and earlier: migrate to a fixed release.
- Release 3.2: upgrade to 3.2 Patch 8.
- Release 3.3: upgrade to 3.3 Patch 5.
- Release 3.4: upgrade to 3.4 Patch 2.
Temporary workarounds
- There are no workarounds that address these vulnerabilities.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.