Описание
A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of requests stored in the system's logging database. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the logs in the Admin Portal.
Ссылки
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of requests stored in the system's logging database. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the logs in the Admin Portal.
Уязвимость компонента «logging» платформы управления политиками соединений Cisco Identity Services Engine, позволяющая нарушителю осуществлять межсайтовые сценарные атаки
EPSS
6.1 Medium
CVSS3
4.3 Medium
CVSS2