CVE-2022-20967
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of input to an application feature before storage within the web-based management interface. An attacker could exploit this vulnerability by creating entries within the application interface that contain malicious HTML or script code. A successful exploit could allow the attacker to store malicious HTML or script code within the application interface for use in further cross-site scripting attacks. Cisco has not yet released software updates that address this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software | 2.6.0 | affected |
| Cisco | Cisco Identity Services Engine Software | 2.6.0 p1 | affected |
| Cisco | Cisco Identity Services Engine Software | 2.6.0 p2 | affected |
| Cisco | Cisco Identity Services Engine Software | 2.6.0 p3 | affected |
| Cisco | Cisco Identity Services Engine Software | 2.6.0 p5 | affected |
| Cisco | Cisco Identity Services Engine Software | 2.6.0 p6 | affected |
| Cisco | Cisco Identity Services Engine Software | 2.6.0 p7 | affected |
| Cisco | Cisco Identity Services Engine Software | 2.6.0 p8 | affected |
| Cisco | Cisco Identity Services Engine Software | 2.6.0 p9 | affected |
| Cisco | Cisco Identity Services Engine Software | 2.6.0 p10 | affected |
| Cisco | Cisco Identity Services Engine Software | 2.6.0 p11 | affected |
| Cisco | Cisco Identity Services Engine Software | 2.6.0 p12 | affected |
| Cisco | Cisco Identity Services Engine Software | 2.7.0 | affected |
| Cisco | Cisco Identity Services Engine Software | 2.7.0 p1 | affected |
| Cisco | Cisco Identity Services Engine Software | 2.7.0 p2 | affected |
| Cisco | Cisco Identity Services Engine Software | 2.7.0 p3 | affected |
| Cisco | Cisco Identity Services Engine Software | 2.7.0 p4 | affected |
| Cisco | Cisco Identity Services Engine Software | 2.7.0 p5 | affected |
| Cisco | Cisco Identity Services Engine Software | 2.7.0 p6 | affected |
| Cisco | Cisco Identity Services Engine Software | 2.7.0 p7 | affected |
| Cisco | Cisco Identity Services Engine Software | 3.0.0 | affected |
| Cisco | Cisco Identity Services Engine Software | 3.0.0 p1 | affected |
| Cisco | Cisco Identity Services Engine Software | 3.0.0 p2 | affected |
| Cisco | Cisco Identity Services Engine Software | 3.0.0 p3 | affected |
| Cisco | Cisco Identity Services Engine Software | 3.0.0 p4 | affected |
| Cisco | Cisco Identity Services Engine Software | 3.0.0 p5 | affected |
| Cisco | Cisco Identity Services Engine Software | 3.0.0 p6 | affected |
| Cisco | Cisco Identity Services Engine Software | 3.1.0 | affected |
| Cisco | Cisco Identity Services Engine Software | 3.1.0 p1 | affected |
| Cisco | Cisco Identity Services Engine Software | 3.1.0 p3 | affected |
| Cisco | Cisco Identity Services Engine Software | 3.1.0 p4 | affected |
| Cisco | Cisco Identity Services Engine Software | 3.1.0 p5 | affected |
| Cisco | Cisco Identity Services Engine Software | 3.2.0 | affected |
Weaknesses
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.