CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-20168 – Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2025-20168
08 Jan 2025 — A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow t... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-xss-CDOJZyH • CWE-86: Improper Neutralization of Invalid Characters in Identifiers in Web Pages •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-20167 – Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2025-20167
08 Jan 2025 — A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow t... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-xss-CDOJZyH • CWE-86: Improper Neutralization of Invalid Characters in Identifiers in Web Pages •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-20166 – Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2025-20166
08 Jan 2025 — A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow t... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-xss-CDOJZyH • CWE-86: Improper Neutralization of Invalid Characters in Identifiers in Web Pages •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20126 – Cisco ThousandEyes Endpoint Agent Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2025-20126
08 Jan 2025 — A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affected software does not properly validate certificates for hosted metrics services. An on-path attacker could exploit this vulnerability by intercepting network traffic using a crafted certificate. A successful exploit could allow the attacker to masquerade as a t... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-thousandeyes-cert-pqtJUv9N • CWE-295: Improper Certificate Validation •
CVSS: 4.8EPSS: 0%CPEs: 23EXPL: 0CVE-2025-20123 – Cisco Crosswork Network Controller Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2025-20123
08 Jan 2025 — Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by inserting malicious data into specific data fields in the interface. A successful exploit could... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xwork-xss-KCcg7WwU • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.6EPSS: 0%CPEs: 302EXPL: 0CVE-2024-20397 – Cisco NX-OS Software Image Verification Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-20397
04 Dec 2024 — A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unver... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-image-sig-bypas-pQDRQvjL • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 44EXPL: 0CVE-2020-26066 – Cisco SD-WAN vManage Software XML External Entity Vulnerability
https://notcve.org/view.php?id=CVE-2020-26066
18 Nov 2024 — A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.3EPSS: 0%CPEs: 42EXPL: 0CVE-2020-26062 – Cisco Integrated Management Controller Username Enumeration Vulnerability
https://notcve.org/view.php?id=CVE-2020-26062
18 Nov 2024 — A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user a... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL • CWE-203: Observable Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 43EXPL: 0CVE-2020-26063 – Cisco Integrated Management Controller Software Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-26063
18 Nov 2024 — A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The vulnerability is due to improper authorization checks on API endpoints. An attacker could exploit this vulnerability by sending malicious requests to an API endpoint. An exploit could allow the attacker to download files from or modify limited configuration options on the affected system.Th... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL • CWE-269: Improper Privilege Management •
CVSS: 8.4EPSS: 0%CPEs: 148EXPL: 0CVE-2020-26071 – Cisco SD-WAN vEdge Arbitrary File Creation Vulnerability
https://notcve.org/view.php?id=CVE-2020-26071
18 Nov 2024 — A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation for specific commands. An attacker could exploit this vulnerability by including crafted arguments to those specific commands. A successful exploit could allow the attacker to create or overwrite arbitrary files on the affected dev... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •