4.8

CVE-2026-20132

Medienbericht

Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based management interface of an affected device.

These vulnerabilities are due to insufficient sanitization of user-supplied data that is stored in the web page. An attacker could exploit these vulnerabilities by convincing a user of the interface to click a specific link or view an affected web page. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoIdentity Services Engine Version < 3.2.0
CiscoIdentity Services Engine Version3.2.0 Update-
CiscoIdentity Services Engine Version3.2.0 Updatepatch1
CiscoIdentity Services Engine Version3.2.0 Updatepatch2
CiscoIdentity Services Engine Version3.2.0 Updatepatch3
CiscoIdentity Services Engine Version3.2.0 Updatepatch4
CiscoIdentity Services Engine Version3.2.0 Updatepatch5
CiscoIdentity Services Engine Version3.2.0 Updatepatch6
CiscoIdentity Services Engine Version3.2.0 Updatepatch7
CiscoIdentity Services Engine Version3.3.0 Update-
CiscoIdentity Services Engine Version3.3.0 Updatepatch1
CiscoIdentity Services Engine Version3.3.0 Updatepatch2
CiscoIdentity Services Engine Version3.3.0 Updatepatch3
CiscoIdentity Services Engine Version3.3.0 Updatepatch4
CiscoIdentity Services Engine Version3.4.0 Update-
CiscoIdentity Services Engine Version3.4.0 Updatepatch1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.07
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@cisco.com 4.8 1.7 2.7
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
16.04.2026 08:53
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isexss-BS8ctE7U
Vendor Advisory