CVE-2017-6733 โ€” Cross-site Scripting in Cisco Identity Services Engine

CWE-79 โ€” Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 42.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Identity Services Engine
Timeline
PublishedJul 10
Latest updateMay 17

Description

A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvd87482. Known Affected Releases: 2.1(102.101) 2.2(0.283) 2.3(0.151).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

โ–ถNVDcisco/identity_services_engine2.1\(102.101\), 2.2\(0.283\), 2.3\(0.151\)+2

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-3vfm-97xm-8mvv: A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacโ†—2022-05-17
โ–ถ
CVEList
CVE-2017-6733: A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacโ†—2017-07-10
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Cisco
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilityโ†—2017-07-05
โ–ถ
CVE-2017-6733 โ€” Cross-site Scripting in Cisco | cvebase