Severity by source
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Primary rating from Vendor (cisco) · only source for this CVE.
CVSS VectorVendor: cisco
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based management interface of an affected device.
These vulnerabilities are due to insufficient sanitization of user-supplied data that is stored in the web page. An attacker could exploit these vulnerabilities by convincing a user of the interface to click a specific link or view an affected web page. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.
Analysis
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based management interface of an affected device.
These vulnerabilities are due to insufficient sanitization of user-supplied data that is stored in the web page. An attacker could exploit these vulnerabilities by convincing a user of the interface to click a specific link or view an affected web page. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitra
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary comman
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitra
Authenticated remote command execution in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-P
Information disclosure in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows unaut
A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PI
Path traversal in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows a remote, aut
Unauthenticated remote attackers can enumerate valid user accounts on Cisco Identity Services Engine through an identity
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal a
Cisco Identity Services Engine allows authenticated read-only administrators to bypass role-based access control on RADI
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22958