4.8
CVE-2026-20132
- EPSS 0.04%
- Veröffentlicht 15.04.2026 16:03:14
- Zuletzt bearbeitet 17.04.2026 15:09:46
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based management interface of an affected device. These vulnerabilities are due to insufficient sanitization of user-supplied data that is stored in the web page. An attacker could exploit these vulnerabilities by convincing a user of the interface to click a specific link or view an affected web page. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCisco
≫
Produkt
Cisco Identity Services Engine Software
Default Statusunknown
Version
3.1.0
Status
affected
Version
3.1.0 p1
Status
affected
Version
3.1.0 p3
Status
affected
Version
3.1.0 p2
Status
affected
Version
3.2.0
Status
affected
Version
3.1.0 p4
Status
affected
Version
3.1.0 p5
Status
affected
Version
3.2.0 p1
Status
affected
Version
3.1.0 p6
Status
affected
Version
3.2.0 p2
Status
affected
Version
3.1.0 p7
Status
affected
Version
3.3.0
Status
affected
Version
3.2.0 p3
Status
affected
Version
3.2.0 p4
Status
affected
Version
3.1.0 p8
Status
affected
Version
3.2.0 p5
Status
affected
Version
3.2.0 p6
Status
affected
Version
3.1.0 p9
Status
affected
Version
3.3 Patch 2
Status
affected
Version
3.3 Patch 1
Status
affected
Version
3.3 Patch 3
Status
affected
Version
3.4.0
Status
affected
Version
3.2.0 p7
Status
affected
Version
3.3 Patch 4
Status
affected
Version
3.4 Patch 1
Status
affected
Version
3.1.0 p10
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.106 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.