Cisco Identity Services Engine Cross-Site Scripting Vulnerability CVE-2016-9214
- CVSSv3 Score
- Vulnerability description
Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.
- Risk description
The vulnerability is due to insufficient input validation of some parameters passed via HTTP GET or POST methods. An attacker may be able to exploit this vulnerability by intercepting the user packets and injecting the malicious code.
See the vendors advisory for solutions.
- Not available