CVE-2014-0680

Published: Jan 29, 2014Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the HTTP control interface in the NAC Web Agent component in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCui15038.

Affected (1)

Products: Cisco: Identity Services Engine

Cisco

1 product

Identity Services Engine

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Identity Services Engine	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (12)

http://osvdb.org/102588

Source: psirt@cisco.com

http://secunia.com/advisories/56672

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0680

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=32617

Source: psirt@cisco.com

http://www.securityfocus.com/bid/65227

Source: psirt@cisco.com

http://www.securitytracker.com/id/1029701

Source: psirt@cisco.com

http://osvdb.org/102588