CVE-2024-20487 MEDIUM

CVE-2024-20487: Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabiliy

Vendor Cisco
Product Cisco Identity Services Engine Software
Weakness CWE-79 · XSS
Published November 6, 2024
Last update November 6, 2024
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device.

Key dates

02Disclosure timeline

November 6, 2024 CVE published
November 6, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-0418 Event List < 0.8.8 - Admin+ Stored Cross-Site Scripting CVE-2025-6743 WoodMart <= 8.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-30952 WordPress Nexa Blocks plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability CVE-2021-1152 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Stored Cross-Site Scripting Vulnerabilities CVE-2025-31025 WordPress Image Hover Effects Block plugin <= 1.4.5 - Cross Site Scripting (XSS) Vulnerability