CVE-2018-15455
MEDIUMCisco Identity Services Engine - Stored Cross-Site Scripting in Logging Component
Title source: llmDescription
A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of requests stored in the system's logging database. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the logs in the Admin Portal.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-isel-xss
Third Party Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106708
Scores
CVSS v3
6.1
EPSS
0.0108
EPSS Percentile
61.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (3)
cisco/identity_services_engine
2.2\(0.910\)
cisco/identity_services_engine
2.3\(0.905\)
cisco/identity_services_engine
2.4\(0.903\)
Published
Jan 23, 2019
Tracked Since
Feb 18, 2026