Impact
A stored cross‑site scripting flaw exists in the web‑based management interface of Cisco Identity Services Engine. An attacker who has legitimate administrative credentials can inject malicious script into specific pages of the interface. When a target user subsequently views those pages, the script runs in the victim’s browser context, potentially allowing the attacker to execute arbitrary code or retrieve sensitive, browser‑based information.
Affected Systems
Cisco Identity Services Engine software is affected, including all builds from version 3.2.0 through the current 3.4.0 release. The flaw is present in the base 3.2.0, 3.3.0 and 3.4.0 series and in all their intermediate patch releases (patch1‑patch7 for 3.2.0, patch1‑patch4 for 3.3.0).
Risk and Exploitability
The CVSS base score of 4.8 falls in the medium severity range, while the EPSS score of less than 1% suggests a very low likelihood of public exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires that the attacker first obtain valid administrative credentials, which could be achieved through phishing, credential reuse, or insider activity. Once authenticated, the attacker can perform a stored XSS attack by submitting malicious input through the interface. The attack vector is thus authenticated and remote, but limited to users who have access to the web interface.