CVE-2025-20204Cross-site Scripting in Cisco Identity Services Engine

CWE-79Cross-site Scripting4 documents4 sources
Severity
4.8MEDIUMNVD
EPSS
0.0%
top 85.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Identity Services EngineCisco Identity Services Engine Software
Timeline
PublishedFeb 5

Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

NVDcisco/identity_services_engine3.0.03.2+3

🔴Vulnerability Details

2
GHSA
GHSA-49rx-vpxq-535f: A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct2025-02-05
CVEList
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability2025-02-05

📋Vendor Advisories

1
Cisco
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities2025-02-05
CVE-2025-20204 — Cross-site Scripting in Cisco | cvebase