Vulnerability Details CVE-2022-20966
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface.
This vulnerability is due to improper validation of input to an application feature before storage within the web-based management interface. An attacker could exploit this vulnerability by creating entries within the application interface that contain malicious HTML or script code. A successful exploit could allow the attacker to store malicious HTML or script code within the application interface for use in further cross-site scripting attacks.
Cisco has not yet released software updates that address this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.047
EPSS Ranking 89.0%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2022-20966
-
cpe:2.3:a:cisco:identity_services_engine:-
-
cpe:2.3:a:cisco:identity_services_engine:002.002(000.916)
-
cpe:2.3:a:cisco:identity_services_engine:002.003(000.906)
-
cpe:2.3:a:cisco:identity_services_engine:002.004(000.911)
-
cpe:2.3:a:cisco:identity_services_engine:002.004(000.914)
-
cpe:2.3:a:cisco:identity_services_engine:002.006(000.156)
-
cpe:2.3:a:cisco:identity_services_engine:002.006(000.902)
-
cpe:2.3:a:cisco:identity_services_engine:1.0
-
cpe:2.3:a:cisco:identity_services_engine:1.0.4
-
cpe:2.3:a:cisco:identity_services_engine:1.1
-
cpe:2.3:a:cisco:identity_services_engine:1.1.1
-
cpe:2.3:a:cisco:identity_services_engine:1.1.2
-
cpe:2.3:a:cisco:identity_services_engine:1.1.3
-
cpe:2.3:a:cisco:identity_services_engine:1.1.4
-
cpe:2.3:a:cisco:identity_services_engine:1.2
-
cpe:2.3:a:cisco:identity_services_engine:1.2(1.199)
-
cpe:2.3:a:cisco:identity_services_engine:1.2.1
-
cpe:2.3:a:cisco:identity_services_engine:1.3
-
cpe:2.3:a:cisco:identity_services_engine:1.3(0.722)
-
cpe:2.3:a:cisco:identity_services_engine:1.3(0.876)
-
cpe:2.3:a:cisco:identity_services_engine:1.3(0.909)
-
cpe:2.3:a:cisco:identity_services_engine:1.3(106.146)
-
cpe:2.3:a:cisco:identity_services_engine:1.3(120.135)
-
cpe:2.3:a:cisco:identity_services_engine:1.4
-
cpe:2.3:a:cisco:identity_services_engine:1.4(0.109)
-
cpe:2.3:a:cisco:identity_services_engine:1.4(0.181)
-
cpe:2.3:a:cisco:identity_services_engine:1.4(0.253)
-
cpe:2.3:a:cisco:identity_services_engine:1.4(0.908)
-
cpe:2.3:a:cisco:identity_services_engine:2.0
-
cpe:2.3:a:cisco:identity_services_engine:2.0(0.147)
-
cpe:2.3:a:cisco:identity_services_engine:2.0(0.169)
-
cpe:2.3:a:cisco:identity_services_engine:2.0(0.222)
-
cpe:2.3:a:cisco:identity_services_engine:2.0(0.234)
-
cpe:2.3:a:cisco:identity_services_engine:2.0(0.249)
-
cpe:2.3:a:cisco:identity_services_engine:2.0(0.306)
-
cpe:2.3:a:cisco:identity_services_engine:2.0(1.130)
-
cpe:2.3:a:cisco:identity_services_engine:2.0.1
-
cpe:2.3:a:cisco:identity_services_engine:2.1
-
cpe:2.3:a:cisco:identity_services_engine:2.1(0.474)
-
cpe:2.3:a:cisco:identity_services_engine:2.1(0.476)
-
cpe:2.3:a:cisco:identity_services_engine:2.1(0.800)
-
cpe:2.3:a:cisco:identity_services_engine:2.1(0.904)
-
cpe:2.3:a:cisco:identity_services_engine:2.1(0.907)
-
cpe:2.3:a:cisco:identity_services_engine:2.1(102.101)
-
cpe:2.3:a:cisco:identity_services_engine:2.1(102.103)
-
cpe:2.3:a:cisco:identity_services_engine:2.1.0
-
cpe:2.3:a:cisco:identity_services_engine:2.1_base
-
cpe:2.3:a:cisco:identity_services_engine:2.2
-
cpe:2.3:a:cisco:identity_services_engine:2.2(0.283)
-
cpe:2.3:a:cisco:identity_services_engine:2.2(0.470)
-
cpe:2.3:a:cisco:identity_services_engine:2.2(0.471)
-
cpe:2.3:a:cisco:identity_services_engine:2.2(0.903)
-
cpe:2.3:a:cisco:identity_services_engine:2.2(0.909)
-
cpe:2.3:a:cisco:identity_services_engine:2.2(0.910)
-
cpe:2.3:a:cisco:identity_services_engine:2.2(1.145)
-
cpe:2.3:a:cisco:identity_services_engine:2.2.0
-
cpe:2.3:a:cisco:identity_services_engine:2.2.0.470
-
cpe:2.3:a:cisco:identity_services_engine:2.3
-
cpe:2.3:a:cisco:identity_services_engine:2.3(0.151)
-
cpe:2.3:a:cisco:identity_services_engine:2.3(0.298)
-
cpe:2.3:a:cisco:identity_services_engine:2.3(0.904)
-
cpe:2.3:a:cisco:identity_services_engine:2.3(0.905)
-
cpe:2.3:a:cisco:identity_services_engine:2.3.0
-
cpe:2.3:a:cisco:identity_services_engine:2.3.0.298
-
cpe:2.3:a:cisco:identity_services_engine:2.4
-
cpe:2.3:a:cisco:identity_services_engine:2.4(0.192)
-
cpe:2.3:a:cisco:identity_services_engine:2.4(0.247)
-
cpe:2.3:a:cisco:identity_services_engine:2.4(0.357)
-
cpe:2.3:a:cisco:identity_services_engine:2.4(0.901)
-
cpe:2.3:a:cisco:identity_services_engine:2.4(0.901.1)
-
cpe:2.3:a:cisco:identity_services_engine:2.4(0.902)
-
cpe:2.3:a:cisco:identity_services_engine:2.4(0.903)
-
cpe:2.3:a:cisco:identity_services_engine:2.4(0.904)
-
cpe:2.3:a:cisco:identity_services_engine:2.4(100.159)
-
cpe:2.3:a:cisco:identity_services_engine:2.4.0
-
cpe:2.3:a:cisco:identity_services_engine:2.4.0.357
-
cpe:2.3:a:cisco:identity_services_engine:2.5
-
cpe:2.3:a:cisco:identity_services_engine:2.5(0.1)
-
cpe:2.3:a:cisco:identity_services_engine:2.5(0.225)
-
cpe:2.3:a:cisco:identity_services_engine:2.5(0.353)
-
cpe:2.3:a:cisco:identity_services_engine:2.6
-
cpe:2.3:a:cisco:identity_services_engine:2.6(0.156)
-
cpe:2.3:a:cisco:identity_services_engine:2.6(0.999)
-
cpe:2.3:a:cisco:identity_services_engine:2.6.0
-
cpe:2.3:a:cisco:identity_services_engine:2.7.0
-
cpe:2.3:a:cisco:identity_services_engine:3.0.0
-
cpe:2.3:a:cisco:identity_services_engine:3.1
-
cpe:2.3:a:cisco:identity_services_engine:3.2