Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. For information about fixed software releases, consult the Cisco bug ID at https://quickview.cloudapps.cisco.com/quickview/bug/CSCvn64652. When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Cisco Identity Services Engine 跨站脚本漏洞

Cisco Identity Services Engine（ISE）是美国思科（Cisco）公司的一款基于身份的环境感知平台（ISE身份服务引擎）。该平台通过收集网络、用户和设备中的实时信息，制定并实施相应策略来监管网络。 Cisco ISE中的基于Web的管理界面存在跨站脚本漏洞，该漏洞源于程序没有对发送到该界面的参数执行充分地输入验证。远程攻击者可通过诱使该界面用户点击链接利用该漏洞在该界面的上下文中执行任意脚本代码或访问基于浏览器的敏感信息。

N/A

N/A