CVE-2018-15455Cross-site Scripting in Cisco Identity Services Engine Software

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 55.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Identity Services Engine SoftwareCisco Identity Services Engine
Timeline
PublishedJan 23
Latest updateMay 13

Description

A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of requests stored in the system's logging database. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the logs in the Admin Portal

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDcisco/identity_services_engine2.2\(0.910\), 2.3\(0.905\), 2.4\(0.903\)+2

🔴Vulnerability Details

2
GHSA
GHSA-fr6w-pg2m-gf67: A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scrip2022-05-13
CVEList
Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability2019-01-23

📋Vendor Advisories

1
Cisco
Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability2019-01-23
CVE-2018-15455 — Cross-site Scripting in Cisco | cvebase