{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T21:47:28.573","vulnerabilities":[{"cve":{"id":"CVE-2018-15455","sourceIdentifier":"psirt@cisco.com","published":"2019-01-23T22:29:00.400","lastModified":"2024-11-21T03:50:50.500","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of requests stored in the system's logging database. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the logs in the Admin Portal."},{"lang":"es","value":"Una vulnerabilidad en el componente logging en Cisco Identity Services Engine podría permitir que un atacante remoto no autenticado lleve a cabo ataques Cross-Site Scripting (XSS). La vulnerabilidad se debe a la validación incorrecta de las peticiones almacenadas en la base de datos del sistema. Un atacante podría explotar esta vulnerabilidad mediante el envío de peticiones maliciosas al sistema objetivo. Su explotación con éxito podría permitir que el atacante lleve a cabo ataques de Cross-Site Scripting (XSS) cuando un administrador visualiza los archivos de registro en el portal de administrador."}],"metrics":{"cvssMetricV30":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:2.2\\(0.910\\):*:*:*:*:*:*:*","matchCriteriaId":"7F634714-4EC3-4741-8A14-2C8500A6C09E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:2.3\\(0.905\\):*:*:*:*:*:*:*","matchCriteriaId":"3C7FFDEB-EEC6-4EA8-9F22-5F33EE280AD2"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:2.4\\(0.903\\):*:*:*:*:*:*:*","matchCriteriaId":"D761979F-0390-4DC6-B3AC-63F953FA6B37"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/106708","source":"psirt@cisco.com","tags":["Third Party Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-isel-xss","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/106708","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-isel-xss","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}