{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20047", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2025-10-08T11:59:15.355Z", "datePublished": "2026-01-15T16:32:15.578Z", "dateUpdated": "2026-02-26T15:04:06.757Z"}, "containers": {"cna": {"title": "Cisco Identity Services Engine Cross-Site Scripting Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-964cdxW5", "name": "cisco-sa-ise-xss-964cdxW5"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-ise-xss-964cdxW5", "discovery": "INTERNAL", "defects": ["CSCwq83752"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "type": "cwe", "cweId": "CWE-80"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Identity Services Engine Software", "versions": [{"version": "3.1.0", "status": "affected"}, {"version": "3.1.0 p1", "status": "affected"}, {"version": "3.1.0 p3", "status": "affected"}, {"version": "3.1.0 p2", "status": "affected"}, {"version": "3.2.0", "status": "affected"}, {"version": "3.1.0 p4", "status": "affected"}, {"version": "3.1.0 p5", "status": "affected"}, {"version": "3.2.0 p1", "status": "affected"}, {"version": "3.1.0 p6", "status": "affected"}, {"version": "3.2.0 p2", "status": "affected"}, {"version": "3.1.0 p7", "status": "affected"}, {"version": "3.3.0", "status": "affected"}, {"version": "3.2.0 p3", "status": "affected"}, {"version": "3.2.0 p4", "status": "affected"}, {"version": "3.1.0 p8", "status": "affected"}, {"version": "3.2.0 p5", "status": "affected"}, {"version": "3.2.0 p6", "status": "affected"}, {"version": "3.1.0 p9", "status": "affected"}, {"version": "3.3 Patch 2", "status": "affected"}, {"version": "3.3 Patch 1", "status": "affected"}, {"version": "3.3 Patch 3", "status": "affected"}, {"version": "3.4.0", "status": "affected"}, {"version": "3.2.0 p7", "status": "affected"}, {"version": "3.3 Patch 4", "status": "affected"}, {"version": "3.4 Patch 1", "status": "affected"}, {"version": "3.1.0 p10", "status": "affected"}, {"version": "3.3 Patch 5", "status": "affected"}, {"version": "3.3 Patch 6", "status": "affected"}, {"version": "3.4 Patch 2", "status": "affected"}, {"version": "3.3 Patch 7", "status": "affected"}, {"version": "3.4 Patch 3", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-01-15T16:32:15.578Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20047", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-16T04:55:53.641286Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:04:06.757Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20047", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-16T04:55:53.641286Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-15T18:10:08.340Z"}}], "cna": {"title": "Cisco Identity Services Engine Cross-Site Scripting Vulnerability", "source": {"defects": ["CSCwq83752"], "advisory": "cisco-sa-ise-xss-964cdxW5", "discovery": "INTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Identity Services Engine Software", "versions": [{"status": "affected", "version": "3.1.0"}, {"status": "affected", "version": "3.1.0 p1"}, {"status": "affected", "version": "3.1.0 p3"}, {"status": "affected", "version": "3.1.0 p2"}, {"status": "affected", "version": "3.2.0"}, {"status": "affected", "version": "3.1.0 p4"}, {"status": "affected", "version": "3.1.0 p5"}, {"status": "affected", "version": "3.2.0 p1"}, {"status": "affected", "version": "3.1.0 p6"}, {"status": "affected", "version": "3.2.0 p2"}, {"status": "affected", "version": "3.1.0 p7"}, {"status": "affected", "version": "3.3.0"}, {"status": "affected", "version": "3.2.0 p3"}, {"status": "affected", "version": "3.2.0 p4"}, {"status": "affected", "version": "3.1.0 p8"}, {"status": "affected", "version": "3.2.0 p5"}, {"status": "affected", "version": "3.2.0 p6"}, {"status": "affected", "version": "3.1.0 p9"}, {"status": "affected", "version": "3.3 Patch 2"}, {"status": "affected", "version": "3.3 Patch 1"}, {"status": "affected", "version": "3.3 Patch 3"}, {"status": "affected", "version": "3.4.0"}, {"status": "affected", "version": "3.2.0 p7"}, {"status": "affected", "version": "3.3 Patch 4"}, {"status": "affected", "version": "3.4 Patch 1"}, {"status": "affected", "version": "3.1.0 p10"}, {"status": "affected", "version": "3.3 Patch 5"}, {"status": "affected", "version": "3.3 Patch 6"}, {"status": "affected", "version": "3.4 Patch 2"}, {"status": "affected", "version": "3.3 Patch 7"}, {"status": "affected", "version": "3.4 Patch 3"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-964cdxW5", "name": "cisco-sa-ise-xss-964cdxW5"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-80", "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-01-15T16:32:15.578Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20047", "state": "PUBLISHED", "dateUpdated": "2026-02-26T15:04:06.757Z", "dateReserved": "2025-10-08T11:59:15.355Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2026-01-15T16:32:15.578Z", "assignerShortName": "cisco"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CCF107C-A742-4362-B5B6-BF8D26D85353", "versionEndExcluding": "3.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "7932D5D5-83E1-4BEF-845A-D0783D4BB750", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch1:*:*:*:*:*:*", "matchCriteriaId": "1B818846-4A6E-4256-B344-281E8C786C43", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch2:*:*:*:*:*:*", "matchCriteriaId": "A44858A2-922A-425A-8B38-0C47DB911A3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch3:*:*:*:*:*:*", "matchCriteriaId": "53484A32-757B-42F8-B655-554C34222060", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch4:*:*:*:*:*:*", "matchCriteriaId": "0CCAC61F-C273-49B3-A631-31D3AE3EB148", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch5:*:*:*:*:*:*", "matchCriteriaId": "51AEFCE6-FB4A-4B1C-A23D-83CC3CF3FBBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch6:*:*:*:*:*:*", "matchCriteriaId": "B452B4F0-8510-475E-9AE8-B48FABB4D7D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch7:*:*:*:*:*:*", "matchCriteriaId": "5733512D-12B5-4098-AF90-9D68217FAC27", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6EC9EDE-3038-450B-9209-4315236F8DC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*", "matchCriteriaId": "F1B9C2C1-59A4-49A0-9B74-83CCB063E55D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*", "matchCriteriaId": "DFD29A0B-0D75-4EAB-BCE0-79450EC75DD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*", "matchCriteriaId": "E6C94CC4-CC08-4DAF-A606-FDAFC92720A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*", "matchCriteriaId": "BB069EA3-7B8C-42B5-8035-2EE5ED3F56E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:*", "matchCriteriaId": "FF8B81A6-BF44-4E5F-B167-39F61DDCA026", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:*:*:*:*:*:*", "matchCriteriaId": "56E0F0EC-3E66-4866-89F5-89B331F3F517", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch6:*:*:*:*:*:*", "matchCriteriaId": "2E3E8937-2859-4A2A-91C0-05F674EF0466", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch7:*:*:*:*:*:*", "matchCriteriaId": "D4B14684-EB9E-405B-85FA-B62E57CB292C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*", "matchCriteriaId": "D23905E0-E525-49B1-8E5F-4EB42D186768", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*", "matchCriteriaId": "74509498-38EF-4345-9583-CEF5C26CA1D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch2:*:*:*:*:*:*", "matchCriteriaId": "CD05FF93-7B8C-4283-9DB7-E03FE98FAADF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch3:*:*:*:*:*:*", "matchCriteriaId": "0F9B6A8E-E773-44A3-9266-878F0C58EB41", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials."}], "id": "CVE-2026-20047", "lastModified": "2026-01-30T19:58:27.947", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "psirt@cisco.com", "type": "Primary"}]}, "published": "2026-01-15T17:16:07.160", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-964cdxW5"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-80"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T06:05:24.862002+00:00", "value": {"mitigation_remediation": ["Upgrade Cisco Identity Services Engine to the latest available release that contains the XSS fix (e.g., update to version 3.4.0 patch\u202f3 or newer).", "Limit access to the ISE web management interface to trusted administrators and use least\u2011privilege accounts to reduce the impact of credential compromise.", "Deploy a Content Security Policy (CSP) on the ISE web interface to restrict the execution of injected scripts on any unpatched systems."], "summary": {"action": "Patch Immediately", "impact": "Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "Cisco Identity Services Engine software versions 3.2.0, 3.3.0, and 3.4.0 are referenced in the product list; whereas the advisory does not specify which patch levels mitigate the flaw, Cisco routinely releases patches for these releases. Admin\u2011level users of any of the affected releases who access the web interface are at risk until a remediation update is applied.", "description_and_impact": "A vulnerability in Cisco Identity Services Engine and the associated passive connector allows an attacker who has valid administrative credentials to inject malicious script into the web\u2011based management interface. The injected code then runs in the context of any authenticated user who views the compromised page, potentially granting the attacker the ability to steal session data, modify displayed information, or perform actions on behalf of the user. The flaw stems from inadequate validation and sanitization of user\u2011supplied input, enabling client\u2011side code execution. The impact is limited to the scope of users who access the affected interface, but the odds of credential compromise grant the attacker broad control over the management surface.", "risk_and_exploitability": "The CVSS score of 4.8 indicates medium severity, and the EPSS score of less than 1\u202f% reflects a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires authenticated administrative access and interaction with the web interface, meaning it is an authenticated remote attack vector. Attackers would need to compromise or otherwise obtain valid credentials, making the threat moderate until patching occurs."}}}}, "created": "2026-01-16T13:43:23.942016+00:00", "updated": "2026-04-18T06:15:15.865049+00:00", "vendors": ["cisco", "cisco$PRODUCT$identity_services_engine_passive_identity_connector", "cisco$PRODUCT$identity_services_engine_software"]}