Skip to main content

Cisco Identity Services Engine Software CVE-2026-20132

| EUVDEUVD-2026-22958 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-04-15 cisco
4.8
CVSS 3.1 · Vendor: cisco
Share

Severity by source

Vendor (cisco) PRIMARY
4.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Primary rating from Vendor (cisco) · only source for this CVE.

CVSS VectorVendor: cisco

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
EUVD ID Assigned
Apr 15, 2026 - 16:30 euvd
EUVD-2026-22958
CVE Published
Apr 15, 2026 - 16:03 nvd
MEDIUM 4.8

DescriptionCVE.org

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based management interface of an affected device.

These vulnerabilities are due to insufficient sanitization of user-supplied data that is stored in the web page. An attacker could exploit these vulnerabilities by convincing a user of the interface to click a specific link or view an affected web page. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.

Analysis

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based management interface of an affected device.

These vulnerabilities are due to insufficient sanitization of user-supplied data that is stored in the web page. An attacker could exploit these vulnerabilities by convincing a user of the interface to click a specific link or view an affected web page. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.

CVE-2026-20186 CRITICAL
9.9 Apr 15

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitra

CVE-2026-20147 CRITICAL
9.9 Apr 15

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary comman

CVE-2026-20180 CRITICAL
9.9 Apr 15

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitra

CVE-2026-20181 CRITICAL
9.1 Jun 17

Authenticated remote command execution in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-P

CVE-2026-20190 HIGH
7.5 Jun 17

Information disclosure in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows unaut

CVE-2026-20136 MEDIUM
6.0 Apr 15

A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PI

CVE-2026-20146 MEDIUM
5.5 Jul 15

Path traversal in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows a remote, aut

CVE-2026-20195 MEDIUM
5.3 May 06

Unauthenticated remote attackers can enumerate valid user accounts on Cisco Identity Services Engine through an identity

CVE-2026-20148 MEDIUM
4.9 Apr 15

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal a

CVE-2026-20193 MEDIUM
4.3 May 06

Cisco Identity Services Engine allows authenticated read-only administrators to bypass role-based access control on RADI

Share

CVE-2026-20132 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy