Unrated severityNVD Advisory· Published Feb 19, 2020· Updated Nov 15, 2024
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
CVE-2020-3156
Description
A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of endpoint data stored in logs used by the web-based interface. An attacker could exploit this vulnerability by sending malicious endpoint data to the targeted system. An exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
1- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-s3ekcKchmitrevendor-advisoryx_refsource_CISCO
News mentions
0No linked articles in our index yet.