Lucene search
K
CiscoCrosswork Network Controller

6 matches found

CVE
CVE
added 2021/12/10 12:0 a.m.6870 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

10CVSS10AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2025/01/08 4:19 p.m.156 views

CVE-2025-20168

Cisco Common Services Platform Collector (CSPC) web-based management interface is vulnerable to cross-site scripting (XSS) due to insufficient input validation. An authenticated, remote attacker with at least a low-privilege account can inject malicious code into specific pages to execute scripts...

5.4CVSS5.3AI score0.00281EPSS
CVE
CVE
added 2025/01/08 4:19 p.m.71 views

CVE-2025-20166

CVE-2025-20166 affects Cisco Common Services Platform Collector (CSPC). The vulnerability is an authenticated, remote cross-site scripting (XSS) flaw in the CSPC web-based management interface caused by insufficient validation of user-supplied input. An attacker with at least a low-privileged acc...

5.4CVSS5.3AI score0.00363EPSS
CVE
CVE
added 2025/01/08 4:9 p.m.67 views

CVE-2025-20123

Cisco Crosswork Network Controller exposes stored Cross-Site Scripting (XSS) vulnerabilities in its web-based management interface. The flaws arise from improper validation of user-supplied input, enabling an authenticated, remote attacker to inject malicious scripts via data fields in the interf...

4.8CVSS5.2AI score0.0026EPSS
CVE
CVE
added 2025/01/08 4:19 p.m.62 views

CVE-2025-20167

CVE-2025-20167 (Cisco CSPC) describes a cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC). The issue stems from insufficient validation of user-supplied input in the interface. An attacker with at least a low-privileg...

5.4CVSS5.3AI score0.00281EPSS
CVE
CVE
added 2026/06/17 4:17 p.m.26 views

CVE-2026-20220

Cisco CVE-2026-20220 affects the web-based management interface of Cisco Crosswork Network Controller. The root cause is insufficient input validation in the configuration template engine. An authenticated attacker with write permissions to a template user can send crafted requests to execute arb...

6.3CVSS6.2AI score0.00253EPSS