76 matches found
Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability (CNVD-2022-64193)
Cisco Common Services Platform Collector CSPC is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices.Cisco Common Services Platform Collecto...
Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability (CNVD-2022-64197)
Cisco Common Services Platform Collector CSPC is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices.Cisco Common Services Platform Collecto...
Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector CSPC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient...
CVE-2022-20672
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector CSPC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient...
CVE-2021-40131
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied...
CVE-2021-40129
A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker...
Design/Logic Flaw
A vulnerability in the web application of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit...
Input validation
A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker...
Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability
Cisco Common Services Platform Collector CSPC is an SNMP-based tool that discovers and collects information from Cisco devices installed on the network. management interface contains a stored cross-site scripting vulnerability that can be exploited by attackers using the Web management interface ...
Cisco Common Services Platform Collector improper logging restrictions vulnerability
Cisco Common Services Platform Collector CSPC is an SNMP-based tool that discovers and collects information from Cisco devices installed on the network. versions of Cisco Common Services Platform Collector prior to 2.9.1.1 of the Web application contains an improper logging restriction...
Cisco Common Services Platform Collector SQL Injection Vulnerability
Cisco Common Services Platform Collector CSPC is an SNMP-based tool that discovers and collects information from Cisco devices installed on the network. configuration of Cisco Common Services Platform Collector prior to version 2.9.1.1 The dashboard is vulnerable to SQL injection, which can be...
CVE-2021-40131
CVE-2021-40131 concerns the Cisco Common Services Platform Collector (CSPC) web-based management interface. The issue is a stored cross-site scripting vulnerability caused by insufficient validation of user-supplied input processed by the CSPC web UI. An authenticated, remote attacker could injec...
CVE-2021-40131 Cisco Common Services Platform Collector Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied...
CVE-2021-40130 Cisco Common Services Platform Collector Improper Logging Restriction Vulnerability
A vulnerability in the web application of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit...
CVE-2021-40130
CVE-2021-40130 affects Cisco Common Services Platform Collector (CSPC) via the web application. The vulnerability arises from improper restriction of the syslog configuration, allowing an authenticated, remote attacker to configure non-log files as sources for syslog reporting. This could let the...
CVE-2021-40129 Cisco Common Services Platform Collector SQL Injection Vulnerability
A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker...
CVE-2021-40129
The CVE-2021-40129 vulnerability affects Cisco’s Common Services Platform Collector (CSPC). The issue is a SQL injection in the configuration dashboard caused by insufficient input validation of uploaded files, allowing an authenticated, remote attacker to upload a file containing a SQL query and...
Cisco Common Services Platform Collector Improper Logging Restriction Vulnerability
A vulnerability in the web application of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit...
Cisco Common Services Platform Collector SQL Injection Vulnerability
A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker...
CVE-2021-34774
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when...