ID de Prueba:	1.3.6.1.4.1.25623.1.0.106926
Categoría:	CISCO
Título:	Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
Resumen:	A vulnerability in the web-based application interface of the Cisco Identity;Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site;scripting (XSS) attack against a user of the web interface of an affected system.
Descripción:	Summary: A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. Vulnerability Insight: The vulnerability is due to insufficient input validation and output-encoding parameters for data that is passed between an affected client and server. An attacker could exploit this vulnerability by intercepting targeted user packets and injecting malicious code into the targeted traffic stream. Vulnerability Impact: A successful exploit could allow the attacker to inject script code into the HTTP flow between the targeted user and the affected system. Solution: See the referenced vendor advisory for a solution. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-6733 BugTraq ID: 99458 http://www.securityfocus.com/bid/99458 http://www.securitytracker.com/id/1038822
Copyright	Copyright (C) 2017 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.