CVE-2021-34738 MEDIUM

CVE-2021-34738: Cisco Identity Services Engine Cross-Site Scripting Vulnerabilities

Vendor Cisco

Product Cisco Identity Services Engine Software

Weakness CWE-79 · XSS

Published October 21, 2021

Last update November 7, 2024

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.

Key dates

02Disclosure timeline

October 21, 2021 CVE published

November 7, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-34738

Related vulnerabilities

04Related CVE

CVE-2025-58830 WordPress Parallax Scrolling Enllax.js Plugin <= 0.0.6 - Cross Site Scripting (XSS) Vulnerability CVE-2024-49225 WordPress wpPricing Builder plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability CVE-2021-24293 NextGEN Gallery Pro < 3.1.11 - Reflected Cross-Site Scripting (XSS) CVE-2025-54891 A user with elevated privileges can inject XSS in the ACL Resource Access configuration page CVE-2025-69088 WordPress Combo Offers WooCommerce plugin <= 4.2 - Cross Site Scripting (XSS) vulnerability

Identifiers

CVE CVE-2021-34738

CWE CWE-79

CVSS 6.1 / MEDIUM

Affected versions

Vendor Cisco

Product Cisco Identity Services Engine Software

Affected All versions