HomePentest-Tools.com Logo

Cisco Identity Services Engine Cross-Site Scripting Vulnerability CVE-2016-9214

Severity
CVSSv3 Score
6.1
Vulnerability description

Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.

Risk description

The vulnerability is due to insufficient input validation of some parameters passed via HTTP GET or POST methods. An attacker may be able to exploit this vulnerability by intercepting the user packets and injecting the malicious code.

Recommendation

See the vendors advisory for solutions.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Dec 14, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available