CVE-2020-3340— Cisco Identity Services Engine 跨站脚本漏洞

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need valid administrative credentials.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Cisco Identity Services Engine 跨站脚本漏洞

Cisco Identity Services Engine（ISE）是美国思科（Cisco）公司的一款基于身份的环境感知平台（ISE身份服务引擎）。该平台通过收集网络、用户和设备中的实时信息，制定并实施相应策略来监管网络。 Cisco ISE 2.6 Patch 7之前版本中存在跨站脚本漏洞，该漏洞源于程序没有正确验证用户输入。攻击者可借助恶意代码利用该漏洞在上下文中执行任意脚本代码，或获取敏感信息。

N/A

N/A