Lucene search
K
CiscoCommon Services Platform Collector

19 matches found

CVE
CVE
added 2021/12/10 12:0 a.m.6778 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

10CVSS10AI score0.99999EPSS
In wild
CVE
CVE
added 2022/05/27 2:5 p.m.183 views

CVE-2022-20667

Cisco CSPC (Common Services Platform Collector) suffers cross-site scripting (XSS) flaws in its web-based management interface due to insufficient input validation. Exploitation requires a user to click a crafted link, enabling an attacker to run arbitrary script code in the interface context or ...

6.1CVSS6AI score0.00685EPSS
CVE
CVE
added 2025/01/08 4:19 p.m.154 views

CVE-2025-20168

Cisco Common Services Platform Collector (CSPC) web-based management interface is vulnerable to cross-site scripting (XSS) due to insufficient input validation. An authenticated, remote attacker with at least a low-privilege account can inject malicious code into specific pages to execute scripts...

5.4CVSS5.3AI score0.00276EPSS
CVE
CVE
added 2022/05/27 2:5 p.m.107 views

CVE-2022-20669

CVE-2022-20669 affects Cisco’s web-based management interface of the Common Services Platform Collector (CSPC) . The issue is a cross-site scripting (XSS) vulnerability caused by insufficient validation of user-supplied input, allowing an unauthenticated, remote attacker to lure users into clicki...

6.1CVSS6AI score0.00685EPSS
CVE
CVE
added 2022/05/27 2:5 p.m.103 views

CVE-2022-20666

CVE-2022-20666 affects Cisco Common Services Platform Collector (CSPC). The issue is multiple cross-site scripting (XSS) vulnerabilities in the web-based management interface caused by insufficient validation of user-supplied input. An unauthenticated, remote attacker could persuade a user to cli...

6.1CVSS6AI score0.00685EPSS
CVE
CVE
added 2022/05/27 2:5 p.m.103 views

CVE-2022-20673

Cisco CSPC (Common Services Platform Collector) web-based management interface has multiple XSS vulnerabilities caused by insufficient input validation. A remote, unauthenticated attacker could trick a user into clicking a crafted link, potentially executing arbitrary script in the interface cont...

6.1CVSS6AI score0.00685EPSS
CVE
CVE
added 2022/05/27 2:5 p.m.94 views

CVE-2022-20668

CVE-2022-20668 affects Cisco Common Services Platform Collector (CSPC). The web-based management interface contains multiple cross-site scripting (XSS) vulnerabilities due to insufficient validation of user-supplied input. An unauthenticated, remote attacker could entice a user to click a crafted...

6.1CVSS6AI score0.00685EPSS
CVE
CVE
added 2022/05/27 2:5 p.m.91 views

CVE-2022-20671

The CVE-2022-20671 issue affects Cisco Common Services Platform Collector (CSPC) web-based management interface. It describes cross-site scripting (XSS) vulnerabilities caused by insufficient validation of user-supplied input, exploitable when a user is persuaded to click a crafted link. Conseque...

6.1CVSS6AI score0.00685EPSS
CVE
CVE
added 2022/05/27 2:5 p.m.90 views

CVE-2022-20674

CVE-2022-20674 affects Cisco Common Services Platform Collector (CSPC). The web-based management interface contains cross-site scripting vulnerabilities due to insufficient input validation, exploitable by an unauthenticated, remote attacker via crafted links to execute arbitrary script code in t...

6.1CVSS6AI score0.00685EPSS
CVE
CVE
added 2022/05/27 2:5 p.m.87 views

CVE-2022-20672

Cisco Common Services Platform Collector (CSPC) web-based management interface contains multiple cross-site scripting (XSS) vulnerabilities due to insufficient validation of user-supplied input. An unauthenticated, remote attacker could lure a user to click a crafted link, enabling execution of a...

6.1CVSS6AI score0.00685EPSS
CVE
CVE
added 2022/05/27 2:5 p.m.73 views

CVE-2022-20670

CVE-2022-20670 describes multiple cross-site scripting vulnerabilities in Cisco’s Common Services Platform Collector (CSPC) web-based management interface. The flaws arise from insufficient validation of user-supplied input, enabling an unauthenticated, remote attacker to lure a user to click a c...

6.1CVSS6AI score0.00685EPSS
CVE
CVE
added 2021/11/04 3:35 p.m.70 views

CVE-2021-34774

The CVE-2021-34774 entry concerns Cisco Common Services Platform Collector (CSPC) Web Management interface. Affected: CSPC Web UI. Vulnerable component: API response handling that fails to sufficiently protect sensitive data. Root cause: information disclosure when responding to a crafted HTTP re...

4.9CVSS4.8AI score0.00964EPSS
CVE
CVE
added 2025/01/08 4:19 p.m.70 views

CVE-2025-20166

CVE-2025-20166 affects Cisco Common Services Platform Collector (CSPC). The vulnerability is an authenticated, remote cross-site scripting (XSS) flaw in the CSPC web-based management interface caused by insufficient validation of user-supplied input. An attacker with at least a low-privileged acc...

5.4CVSS5.3AI score0.00357EPSS
CVE
CVE
added 2021/11/18 11:50 p.m.67 views

CVE-2021-40129

The CVE-2021-40129 vulnerability affects Cisco’s Common Services Platform Collector (CSPC). The issue is a SQL injection in the configuration dashboard caused by insufficient input validation of uploaded files, allowing an authenticated, remote attacker to upload a file containing a SQL query and...

4.9CVSS5AI score0.01033EPSS
CVE
CVE
added 2021/06/04 4:45 p.m.66 views

CVE-2021-1538

The CVE-2021-1538 entry details a Cisco CSPC command-injection vulnerability in the configuration dashboard. A super admin can input crafted configuration entries to trigger remote code execution with root privileges due to insufficient input sanitization. Affected are CSPC deployments prior to t...

9CVSS6.1AI score0.01814EPSS
CVE
CVE
added 2021/11/18 11:50 p.m.62 views

CVE-2021-40131

CVE-2021-40131 concerns the Cisco Common Services Platform Collector (CSPC) web-based management interface. The issue is a stored cross-site scripting vulnerability caused by insufficient validation of user-supplied input processed by the CSPC web UI. An authenticated, remote attacker could injec...

5.5CVSS5.3AI score0.00699EPSS
CVE
CVE
added 2025/01/08 4:19 p.m.62 views

CVE-2025-20167

CVE-2025-20167 (Cisco CSPC) describes a cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC). The issue stems from insufficient validation of user-supplied input in the interface. An attacker with at least a low-privileg...

5.4CVSS5.3AI score0.00276EPSS
CVE
CVE
added 2019/03/13 9:0 p.m.59 views

CVE-2019-1723

The CVE-2019-1723 issue affects Cisco CSPC (Common Services Platform Collector). The root cause is a default, static password on a built-in user account, permitting an unauthenticated, remote attacker to log in remotely. Vulnerable software versions include CSPC 2.7.x (specifically 2.7.2 through ...

10CVSS9.5AI score0.05817EPSS
CVE
CVE
added 2021/11/18 11:50 p.m.54 views

CVE-2021-40130

CVE-2021-40130 affects Cisco Common Services Platform Collector (CSPC) via the web application. The vulnerability arises from improper restriction of the syslog configuration, allowing an authenticated, remote attacker to configure non-log files as sources for syslog reporting. This could let the...

4.9CVSS5AI score0.01065EPSS