| Título | Unauthenticated persistent cross-site scripting injection into the administrative console of CISCO ISE web application via DHCP request |
|---|
| Descrição | An unauthenticated attacker who is able to inject a specially crafted DHCP request packet into the network controlled by Cisco Identify
Service Engine (ISE), is able to persistently store code (e. g.JavaScript), which is executed in the context of the Web-browser accessing the Web-based management interface.
CVE-2020-3156
Max Moser/Katharina Maennle |
|---|
| Fonte | ⚠️ https://www.modzero.com/advisories/MZ-19-03-CISCO-ISE.txt |
|---|
| Utilizador | misc (UID 3) |
|---|
| Submissão | 19/02/2020 20h38 (há 6 anos) |
|---|
| Moderação | 10/08/2020 10h43 (6 months later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 150363 [Cisco Identity Services Engine Log Guardado Script de Site Cruzado] |
|---|
| Pontos | 19 |
|---|