CNNVD-202511-407 Information
CNNVD ID
CNNVD-202511-407
Related CVE
- CNNVD Published: 2025-11-05
Description (Chinese)
Cisco Identity Services Engine(Cisco ISE)是美国思科(Cisco)公司的一款环境感知平台(ISE身份服务引擎)。该平台通过收集网络、用户和设备中的实时信息,制定并实施相应策略来监管网络。 Cisco Identity Services Engine(Cisco ISE)存在跨站脚本漏洞,该漏洞源于基于Web的管理界面未充分验证用户输入,可能导致反射型跨站脚本攻击。
Description (English)
Cisco Information Services Engineering (Cisco ISE) is an environmental awareness platform for Cisco companies. The platform regulates networks by collecting real-time information from networks, users and equipment and developing and implementing strategies. Cisco Infrastructure Services Engineering (Cisco ISE) has a cross-site script loophole, which stems from the fact that Web-based management interface does not adequately validate user input and may result in a reflex-type cross-site script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
思科
Published
2025-11-05
Last Modified
2026-02-24
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multiple-vulns-O9BESWJH https://access.redhat.com/security/cve/cve-2025-20289