Test ID:	1.3.6.1.4.1.25623.1.0.106193
Category:	CISCO
Title:	Cisco Identity Services Engine Admin Dashboard Page Cross-Site Scripting Vulnerability
Summary:	A vulnerability in the web framework code of Cisco Identity Services;Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
Description:	Summary: A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Vulnerability Insight: The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user's request and injecting malicious code. Vulnerability Impact: An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Affected Software/OS: Cisco Identity Services Engine software release 1.3(0.876) Solution: See the vendors advisory for solutions. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1485 BugTraq ID: 92518 http://www.securityfocus.com/bid/92518 Cisco Security Advisory: 20160817 Cisco Identity Services Engine Admin Dashboard Page Cross-Site Scripting Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ise http://www.securitytracker.com/id/1036647
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.