
CVE-2021-40131 – Cisco Common Services Platform Collector Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2021-40131
18 Nov 2021 — A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by adding malicious code to the configuration by using the web-based management interface. A successful... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-XSS-KjrNbM3p • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-87: Improper Neutralization of Alternate XSS Syntax

CVE-2021-40130 – Cisco Common Services Platform Collector Improper Logging Restriction Vulnerability
https://notcve.org/view.php?id=CVE-2021-40130
18 Nov 2021 — A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit this vulnerability by configuring non-log files as sources for syslog reporting through the web application. A successful exploit could allow the attacker to read non-log files on the CSPC. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-ILR-8qmW8y8X • CWE-284: Improper Access Control

CVE-2021-40129 – Cisco Common Services Platform Collector SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-40129
18 Nov 2021 — A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker could exploit this vulnerability by uploading a file containing a SQL query to the configuration dashboard. A successful exploit could allow the attacker to read restricted information from the CSPC SQL database. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-SQLI-unVPTn5 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2021-34774 – Cisco Common Services Platform Collector Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-34774
04 Nov 2021 — A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to a specific API request. An attacker could exploit the vulnerability by sending a crafted HTTP request to the affected application. A successful exploit could allow the attacker to obtain sensitive in... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-info-disc-KM3bGVL • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2021-1538 – Cisco Common Services Platform Collector Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-1538
04 Jun 2021 — A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by logging in as a super admin and entering crafted input to configuration options on the CSPC configuration dashboard. A successful exploit could allow the attacker to execute remote code as root. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-CIV-kDuBfNfu • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-1723 – Cisco Common Services Platform Collector Static Credential Vulnerability
https://notcve.org/view.php?id=CVE-2019-1723
13 Mar 2019 — A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. This account does not have administrator privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to the affected system using this account. A successful exploit could allow the... • http://www.securityfocus.com/bid/107405 • CWE-264: Permissions, Privileges, and Access Controls • CWE-798: Use of Hard-coded Credentials