Update CVE-2018-15463.json

2025-08-04 08:44:25 +00:00 · 2019-01-14 19:07:24 -05:00 · 2019-01-14 19:07:24 -05:00 · 1964a0b8d3
commit 1964a0b8d3
parent d9f5e951b7
1 changed files with 1 additions and 1 deletions
--- a/2018/15xxx/CVE-2018-15463.json
+++ b/2018/15xxx/CVE-2018-15463.json
@ -36,7 +36,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient sanitization of user-supplied data that is written to log files and displayed in certain web pages of the web-based management interface of an affected device. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link or view an affected log file. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information. "
+                "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface of an affected device. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based management interface or allow the attacker to access sensitive browser-based information."
            }
        ]
    },