CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-20168 – Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2025-20168
08 Jan 2025 — A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow t... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-xss-CDOJZyH • CWE-86: Improper Neutralization of Invalid Characters in Identifiers in Web Pages •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-20167 – Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2025-20167
08 Jan 2025 — A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow t... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-xss-CDOJZyH • CWE-86: Improper Neutralization of Invalid Characters in Identifiers in Web Pages •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-20166 – Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2025-20166
08 Jan 2025 — A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow t... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-xss-CDOJZyH • CWE-86: Improper Neutralization of Invalid Characters in Identifiers in Web Pages •