According to its self-reported version, Cisco Identity Services Engine is affected by a cross-site scripting (XSS) vulnerability due to insufficient input validation in the External RESTful Services (ERS) API. An attacker could exploit this vulnerability by persuading an authenticated administrator of the web-based management interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Please see the included Cisco BID and Cisco Security Advisory for more information.Read More