CVE-2014-0680

medium

Description

Cross-site scripting (XSS) vulnerability in the HTTP control interface in the NAC Web Agent component in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCui15038.

References

http://www.securitytracker.com/id/1029701

http://www.securityfocus.com/bid/65227

http://tools.cisco.com/security/center/viewAlert.x?alertId=32617

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0680

http://secunia.com/advisories/56672

http://osvdb.org/102588

Details

Source: Mitre, NVD

Published: 2014-01-29

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00532