CVE-2025-20303

Name of the Vulnerable Software and Affected Versions Cisco ISE and Cisco ISE-PIC (affected versions not specified)

Description The web-based management interface of Cisco ISE and Cisco ISE-PIC contains weaknesses that could allow an authenticated, remote attacker to perform a reflected Cross-Site Scripting (XSS) attack against a user. These issues stem from inadequate validation of user-provided input by the interface. An attacker could inject malicious code into specific pages, potentially enabling them to execute arbitrary script code within the interface or gain access to sensitive, browser-based information. Exploitation requires the attacker to possess at least a low-privileged account on the affected device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.