- Description
- Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655.
- Source
- ykramarz@cisco.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
- nvd@nist.gov
- CWE-79
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "63BC1BB0-33FB-4CBC-99AD-E9E6593B2A11",
"versionEndIncluding": "1.2"
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA49BB84-9E6B-4510-B2DF-178C2E6C0CBE"
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "50CE032F-3BD1-462D-B2DD-4088EA7CE037"
}
],
"operator": "OR"
}
]
}
]