Unrated severityNVD Advisory· Published Oct 10, 2013· Updated Apr 29, 2026

CVE-2013-5523

Description

The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCui82666.

Affected products

Cisco Systems, Inc./Identity Services Engine Software3 versions
cpe:2.3:a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:*range: <=1.2
- cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523nvdVendor Advisory
tools.cisco.com/security/center/viewAlert.xnvdVendor Advisory
www.securityfocus.com/bid/62869nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1029157nvdThird Party AdvisoryVDB Entry
osvdb.org/98168nvd
secunia.com/advisories/55207nvd
exchange.xforce.ibmcloud.com/vulnerabilities/87724nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000