CVE-2018-0289

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine (affected versions not specified)

Description: A vulnerability in the logs component could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. This is due to improper validation of requests stored in logs in the application management interface. An attacker could exploit this by sending malicious requests to the targeted system, allowing them to conduct cross-site scripting attacks when an administrator views the log files.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.