6 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2025-20168
Cisco Common Services Platform Collector (CSPC) web-based management interface is vulnerable to cross-site scripting (XSS) due to insufficient input validation. An authenticated, remote attacker with at least a low-privilege account can inject malicious code into specific pages to execute scripts...
CVE-2025-20166
CVE-2025-20166 affects Cisco Common Services Platform Collector (CSPC). The vulnerability is an authenticated, remote cross-site scripting (XSS) flaw in the CSPC web-based management interface caused by insufficient validation of user-supplied input. An attacker with at least a low-privileged acc...
CVE-2025-20123
Cisco Crosswork Network Controller exposes stored Cross-Site Scripting (XSS) vulnerabilities in its web-based management interface. The flaws arise from improper validation of user-supplied input, enabling an authenticated, remote attacker to inject malicious scripts via data fields in the interf...
CVE-2025-20167
CVE-2025-20167 (Cisco CSPC) describes a cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC). The issue stems from insufficient validation of user-supplied input in the interface. An attacker with at least a low-privileg...
CVE-2026-20220
Cisco CVE-2026-20220 affects the web-based management interface of Cisco Crosswork Network Controller. The root cause is insufficient input validation in the configuration template engine. An authenticated attacker with write permissions to a template user can send crafted requests to execute arb...