| Title | Unauthenticated persistent cross-site scripting injection into the administrative console of CISCO ISE web application via DHCP request |
|---|
| Description | An unauthenticated attacker who is able to inject a specially crafted DHCP request packet into the network controlled by Cisco Identify
Service Engine (ISE), is able to persistently store code (e. g.JavaScript), which is executed in the context of the Web-browser accessing the Web-based management interface.
CVE-2020-3156
Max Moser/Katharina Maennle |
|---|
| Source | ⚠️ https://www.modzero.com/advisories/MZ-19-03-CISCO-ISE.txt |
|---|
| User | misc (UID 3) |
|---|
| Submission | 02/19/2020 20:38 (6 years ago) |
|---|
| Moderation | 08/10/2020 10:43 (6 months later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 150363 [Cisco Identity Services Engine Log Stored cross site scripting] |
|---|
| Points | 19 |
|---|