CVE-2018-0289

Severity
6.1 MEDIUM
EPSS
0.3%
top 49.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 17
Latest update: May 13

Description

A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of requests stored in logs in the application management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the log files. Cisco

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5 | cisco_identity_services_engine | Cisco Identity Services Engine
NVD | cisco/identity_services_engine_software | 2.3(0.298), 2.4(0.223) +1

🔴 Vulnerability Details (2)
GHSA
GHSA-gx86-hgf7-9jm8: A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scriptin | 2022-05-13
CVEList
CVE-2018-0289: A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scriptin | 2018-05-17

📋 Vendor Advisories (1)
Cisco
Cisco Identity Services Engine Logs Cross-Site Scripting Vulnerability | 2018-05-16