Cisco Identity Services Engine is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability.
An attacker can exploit these vulnerabilities to execute arbitrary HTML script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or perform unauthorized actions. Other attacks are also possible.
This issue being tracked by Cisco Bug ID's CSCvm71860 and CSCvm79609.
Information
CVE-2018-15463
Cisco Identity Services Engine 0
Exploit
To exploit these issues, an attacker must entice an unsuspecting victim to follow a malicious URI or visit a malicious website.
References: