Impact
A vulnerability in Cisco Identity Services Engine and the associated passive connector allows an attacker who holds valid administrative credentials to inject malicious script into the web-based management interface. The injected code then runs in the browser of any authenticated user who views the compromised page, potentially allowing the attacker to steal session data, alter displayed information, or perform actions on that user's behalf. The flaw stems from inadequate validation and sanitization of user-supplied input, which enables client-side code execution. The impact is limited to users who access the affected interface, but once administrative credentials are compromised the attacker gains broad control over the management surface.
Affected Systems
Cisco Identity Services Engine software versions 3.2.0, 3.3.0, and 3.4.0 are referenced in the product list. While the advisory does not specify which patch levels mitigate the flaw, Cisco routinely releases patches for these releases. Admin-level users of any affected release who access the web interface are at risk until a remediation update is applied.
Risk and Exploitability
The CVSS score of 4.8 indicates medium severity, and the EPSS score of less than 1 % reflects a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires authenticated administrative access and interaction with the web interface, so the attack vector is remote but authenticated. Attackers would first need to compromise or otherwise obtain valid credentials, which keeps the threat moderate until patching occurs.
OpenCVE Enrichment