← voltar
CVE-2020-3156

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

CVSS 6.1 MEDIUMEPSS 1.0%CWE-79
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.1EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
19 fev 2020Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of endpoint data stored in logs used by the web-based interface. An attacker could exploit this vulnerability by sending malicious endpoint data to the targeted system. An exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N