CVE-2022-20967

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application. This issue is due to improper validation of input to an application feature before storage within the web-based management interface. An attacker could exploit this by creating entries within the application interface that contain malicious HTML or script code, allowing the storage of malicious code for further cross-site scripting attacks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation. Avoid using the interface to store or process unvalidated input until the issue is resolved.