CVE-2018-15455 vulnerability in Cisco Products
Published on January 23, 2019
Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability
A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of requests stored in the system's logging database. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the logs in the Admin Portal.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2018-15455 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2018-15455
stack.watch emails you whenever new vulnerabilities are published in Cisco Identity Services Engine or Cisco Identity Services Engine Software. Just hit a watch button to start following.
Affected Versions
Cisco Identity Services Engine Software Version n/a is affected by CVE-2018-15455Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.