CVE-2013-5523 — Improper Input Validation in Cisco Identity Services Engine Software

CWE-20 — Improper Input Validation CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 32.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Identity Services Engine Software

Timeline

PublishedOct 10

Latest updateMay 17

Description

The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCui82666.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/identity_services_engine_software1.2+2

🔴Vulnerability Details

GHSA

GHSA-f8g3-rm35-8w7f: The Sponsor Portal in Cisco Identity Services Engine (ISE) 1↗2022-05-17

▶

CVEList

CVE-2013-5523: The Sponsor Portal in Cisco Identity Services Engine (ISE) 1↗2013-10-10

▶

📋Vendor Advisories

Cisco

Cisco Identity Services Engine Sponsor Portal Cross-Frame Scripting Vulnerability↗2013-10-09

▶