CVE-2018-15440

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (ISE) (affected versions not specified)

Description A stored cross-site scripting (XSS) attack could be conducted by an unauthenticated, remote attacker against a user of the web interface of an affected system. The issue is due to insufficient sanitization of user-supplied data written to log files and displayed in certain web pages of the web-based management interface. An attacker could exploit this by convincing a user to click a specific link or view an affected log file, potentially executing injected script code in the context of the web-based management interface or accessing sensitive browser-based information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.