Test ID:	1.3.6.1.4.1.25623.1.0.106926
Category:	CISCO
Title:	Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
Summary:	A vulnerability in the web-based application interface of the Cisco Identity;Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site;scripting (XSS) attack against a user of the web interface of an affected system.
Description:	Summary: A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. Vulnerability Insight: The vulnerability is due to insufficient input validation and output-encoding parameters for data that is passed between an affected client and server. An attacker could exploit this vulnerability by intercepting targeted user packets and injecting malicious code into the targeted traffic stream. Vulnerability Impact: A successful exploit could allow the attacker to inject script code into the HTTP flow between the targeted user and the affected system. Solution: See the referenced vendor advisory for a solution. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-6733 BugTraq ID: 99458 http://www.securityfocus.com/bid/99458 http://www.securitytracker.com/id/1038822
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.