19 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2022-20667
Cisco CSPC (Common Services Platform Collector) suffers cross-site scripting (XSS) flaws in its web-based management interface due to insufficient input validation. Exploitation requires a user to click a crafted link, enabling an attacker to run arbitrary script code in the interface context or ...
CVE-2025-20168
Cisco Common Services Platform Collector (CSPC) web-based management interface is vulnerable to cross-site scripting (XSS) due to insufficient input validation. An authenticated, remote attacker with at least a low-privilege account can inject malicious code into specific pages to execute scripts...
CVE-2022-20669
CVE-2022-20669 affects Cisco’s web-based management interface of the Common Services Platform Collector (CSPC) . The issue is a cross-site scripting (XSS) vulnerability caused by insufficient validation of user-supplied input, allowing an unauthenticated, remote attacker to lure users into clicki...
CVE-2022-20666
CVE-2022-20666 affects Cisco Common Services Platform Collector (CSPC). The issue is multiple cross-site scripting (XSS) vulnerabilities in the web-based management interface caused by insufficient validation of user-supplied input. An unauthenticated, remote attacker could persuade a user to cli...
CVE-2022-20673
Cisco CSPC (Common Services Platform Collector) web-based management interface has multiple XSS vulnerabilities caused by insufficient input validation. A remote, unauthenticated attacker could trick a user into clicking a crafted link, potentially executing arbitrary script in the interface cont...
CVE-2022-20668
CVE-2022-20668 affects Cisco Common Services Platform Collector (CSPC). The web-based management interface contains multiple cross-site scripting (XSS) vulnerabilities due to insufficient validation of user-supplied input. An unauthenticated, remote attacker could entice a user to click a crafted...
CVE-2022-20671
The CVE-2022-20671 issue affects Cisco Common Services Platform Collector (CSPC) web-based management interface. It describes cross-site scripting (XSS) vulnerabilities caused by insufficient validation of user-supplied input, exploitable when a user is persuaded to click a crafted link. Conseque...
CVE-2022-20674
CVE-2022-20674 affects Cisco Common Services Platform Collector (CSPC). The web-based management interface contains cross-site scripting vulnerabilities due to insufficient input validation, exploitable by an unauthenticated, remote attacker via crafted links to execute arbitrary script code in t...
CVE-2022-20672
Cisco Common Services Platform Collector (CSPC) web-based management interface contains multiple cross-site scripting (XSS) vulnerabilities due to insufficient validation of user-supplied input. An unauthenticated, remote attacker could lure a user to click a crafted link, enabling execution of a...
CVE-2022-20670
CVE-2022-20670 describes multiple cross-site scripting vulnerabilities in Cisco’s Common Services Platform Collector (CSPC) web-based management interface. The flaws arise from insufficient validation of user-supplied input, enabling an unauthenticated, remote attacker to lure a user to click a c...
CVE-2021-34774
The CVE-2021-34774 entry concerns Cisco Common Services Platform Collector (CSPC) Web Management interface. Affected: CSPC Web UI. Vulnerable component: API response handling that fails to sufficiently protect sensitive data. Root cause: information disclosure when responding to a crafted HTTP re...
CVE-2025-20166
CVE-2025-20166 affects Cisco Common Services Platform Collector (CSPC). The vulnerability is an authenticated, remote cross-site scripting (XSS) flaw in the CSPC web-based management interface caused by insufficient validation of user-supplied input. An attacker with at least a low-privileged acc...
CVE-2021-40129
The CVE-2021-40129 vulnerability affects Cisco’s Common Services Platform Collector (CSPC). The issue is a SQL injection in the configuration dashboard caused by insufficient input validation of uploaded files, allowing an authenticated, remote attacker to upload a file containing a SQL query and...
CVE-2021-1538
The CVE-2021-1538 entry details a Cisco CSPC command-injection vulnerability in the configuration dashboard. A super admin can input crafted configuration entries to trigger remote code execution with root privileges due to insufficient input sanitization. Affected are CSPC deployments prior to t...
CVE-2021-40131
CVE-2021-40131 concerns the Cisco Common Services Platform Collector (CSPC) web-based management interface. The issue is a stored cross-site scripting vulnerability caused by insufficient validation of user-supplied input processed by the CSPC web UI. An authenticated, remote attacker could injec...
CVE-2025-20167
CVE-2025-20167 (Cisco CSPC) describes a cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC). The issue stems from insufficient validation of user-supplied input in the interface. An attacker with at least a low-privileg...
CVE-2019-1723
The CVE-2019-1723 issue affects Cisco CSPC (Common Services Platform Collector). The root cause is a default, static password on a built-in user account, permitting an unauthenticated, remote attacker to log in remotely. Vulnerable software versions include CSPC 2.7.x (specifically 2.7.2 through ...
CVE-2021-40130
CVE-2021-40130 affects Cisco Common Services Platform Collector (CSPC) via the web application. The vulnerability arises from improper restriction of the syslog configuration, allowing an authenticated, remote attacker to configure non-log files as sources for syslog reporting. This could let the...