- Description
- A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
- Source
- psirt@cisco.com
- NVD status
- Analyzed
- Products
- crosswork_network_controller, common_services_platform_collector
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- psirt@cisco.com
- CWE-86
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:crosswork_network_controller:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B049465-8238-4167-9803-069F41D58921",
"versionEndExcluding": "5.0.4",
"versionStartIncluding": "5.0.0"
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_network_controller:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D637FA70-DA08-42DE-9756-101AC5991371",
"versionEndExcluding": "6.0.3",
"versionStartIncluding": "6.0.0"
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_network_controller:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C6D2C01D-1989-4D7B-90FD-16C1F79DF9CB",
"versionEndExcluding": "7.0.1",
"versionStartIncluding": "7.0.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:common_services_platform_collector:2.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DF33B965-4F53-42CB-BE47-4EB9756D3CF9"
},
{
"criteria": "cpe:2.3:a:cisco:common_services_platform_collector:2.11.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C97CCEBD-1EBD-47C2-8D56-A0103B3EEDCB"
},
{
"criteria": "cpe:2.3:a:cisco:common_services_platform_collector:2.11.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "123CBB5D-DB97-43D2-8FDF-E03692CDAE56"
},
{
"criteria": "cpe:2.3:a:cisco:common_services_platform_collector:2.11.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9208E7F7-7ABC-498E-A021-661B48775545"
},
{
"criteria": "cpe:2.3:a:cisco:common_services_platform_collector:30.1.1-0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DC962FCB-C2D2-4F29-881C-E3518AF4C9B4"
}
],
"operator": "OR"
}
]
}
]