This vulnerability involves improper neutralization of user-supplied input during web page generation in Cisco Identity Services Engine's management interface. An authenticated remote attacker with administrative credentials can exploit insufficient input validation to conduct cross-site scripting attacks, injecting malicious code into specific interface pages. Successful exploitation could lead to execution of arbitrary script code within the context of the affected interface or unauthorized access to sensitive information in the user's browser session. The issue affects a broad range of Cisco ISE versions from 3.0.0 through 3.5 Patch 3. The CVSS v3.1 base score is 4.8 (medium severity), reflecting network attack vector, low attack complexity, high privileges required, user interaction needed, and partial confidentiality and integrity impact without availability impact. No vendor advisory or patch information is currently provided.

An attacker with valid administrative credentials can perform cross-site scripting attacks against users of the Cisco ISE management interface. This could allow execution of arbitrary scripts in the context of the interface or access to sensitive browser-based information. The impact is limited by the requirement for authenticated administrative access and user interaction, and does not affect system availability.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict administrative access to trusted personnel only and consider additional controls to limit exposure of the management interface. Monitor Cisco's advisories for updates on patches or official mitigations.