CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-5525
https://notcve.org/view.php?id=CVE-2013-5525
SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCug90502. Vulnerabilidad de inyección SQL en el framework web de Cisco Identity Services Engine (ISE) 1.2 y versiones anteriores permite a usuarios remotos sin autenticar ejecutar comandos SQL arbitrarios a través de vectores sin especificar, aka Bug ID CSCug90502. • http://osvdb.org/98167 http://secunia.com/advisories/55098 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5525 http://tools.cisco.com/security/center/viewAlert.x?alertId=31160 http://www.securitytracker.com/id/1029156 https://exchange.xforce.ibmcloud.com/vulnerabilities/87723 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-5505
https://notcve.org/view.php?id=CVE-2013-5505
Cross-site scripting (XSS) vulnerability in an administration page in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30275. Vulnerabilidad cross-site scripting (XSS) en una página de administración de Cisco Identity Services Engine (ISE) permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de un parámetro no especificado, también conocido como Bug ID CSCui30275. • http://osvdb.org/97875 http://secunia.com/advisories/54626 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5505 http://tools.cisco.com/security/center/viewAlert.x?alertId=31008 http://www.securityfocus.com/bid/62693 http://www.securitytracker.com/id/1029111 https://exchange.xforce.ibmcloud.com/vulnerabilities/87530 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-5504
https://notcve.org/view.php?id=CVE-2013-5504
Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30266. Vulnerabilidad XSS en el portal Mobile Device Management (MDM) en Cisco Identity Services Engine (ISE) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de un parámetro no especificado, aka Bug ID CSCui30266. • http://osvdb.org/97877 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5504 http://tools.cisco.com/security/center/viewAlert.x?alertId=31007 http://www.securityfocus.com/bid/62694 http://www.securitytracker.com/id/1029110 https://exchange.xforce.ibmcloud.com/vulnerabilities/87531 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2012-5744
https://notcve.org/view.php?id=CVE-2012-5744
Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCud11139 and CSCug02904. Múltiples vulnerabilidades de cross-site scripting (XSS) en el portal de huéspedes en Cisco Identity Services Engine (ISE) Software, permite a atacantes remotos inyectar secuencias de comandos web o HTML sin especificar a través de vectores sin especificar, también conocido como Bug ID CSCud11139 y CSCug02904. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5744 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-3471
https://notcve.org/view.php?id=CVE-2013-3471
The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515. La aplicación de portal cautivo en Cisco Identity Services Engine (ISE) permite a atacantes remotos descubrir los nombres de usuario y contraseñas en texto plano mediante el aprovechamiento no especificado del uso de campos ocultos en un formulario en un documento HTML, también conocido como Bug ID CSCug02515. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3471 http://tools.cisco.com/security/center/viewAlert.x?alertId=30524 http://www.securitytracker.com/id/1028965 • CWE-255: Credentials Management Errors •