Vulnerabilities > Cisco > Identity Services Engine > 3.1

DATE CVE VULNERABILITY TITLE RISK
2025-02-05 CVE-2025-20204 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.  This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system.
network
low complexity
cisco CWE-79
4.8
2025-02-05 CVE-2025-20205 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.  This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system.
network
low complexity
cisco CWE-79
4.8
2024-11-06 CVE-2024-20487 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system.
network
low complexity
cisco CWE-79
5.4
2024-11-06 CVE-2024-20527 Path Traversal vulnerability in Cisco Identity Services Engine
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device.
network
low complexity
cisco CWE-22
5.5
2024-11-06 CVE-2024-20528 Path Traversal vulnerability in Cisco Identity Services Engine
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device.
network
low complexity
cisco CWE-22
7.2
2024-11-06 CVE-2024-20529 Path Traversal vulnerability in Cisco Identity Services Engine
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device.
network
low complexity
cisco CWE-22
5.5
2024-11-06 CVE-2024-20532 Path Traversal vulnerability in Cisco Identity Services Engine
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device.
network
low complexity
cisco CWE-22
5.5
2024-08-07 CVE-2024-20443 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system.
network
low complexity
cisco CWE-79
5.4
2024-08-07 CVE-2024-20479 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system.
network
low complexity
cisco CWE-79
4.8
2024-04-03 CVE-2024-20368 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device.
network
low complexity
cisco CWE-352
8.8