CVE-2016-1485

CWE-79 — Cross-site Scripting (XSS)21 documents5 sources

Severity

6.1MEDIUM

EPSS

0.3%

top 47.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Identity Services Engine Software

Timeline

PublishedAug 22

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDcisco/identity_services_engine_software1.3\(0.876\)

🔴Vulnerability Details

GHSA

GHSA-f8wc-xjpj-8x72: Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1↗2022-05-17

▶

CVEList

CVE-2016-1485: Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1↗2016-08-22

▶

📋Vendor Advisories

Cisco

Cisco Identity Services Engine Admin Dashboard Page Cross-Site Scripting Vulnerability↗2016-08-17

▶

💬Community

Bugzilla

CVE-2016-1706 chromium-browser: sandbox escape in ppapi↗2016-07-21

▶

Bugzilla

CVE-2016-1709 chromium-browser: heap-buffer-overflow in sfntly↗2016-07-21

▶

Bugzilla

CVE-2016-5133 chromium-browser: origin confusion in proxy authentication↗2016-07-21

▶

Bugzilla

CVE-2016-1711 chromium-browser: same-origin bypass in blink↗2016-07-21

▶

Bugzilla

CVE-2016-5127 chromium-browser: use-after-free in blink↗2016-07-21

▶