CVE-2025-20166

CWE-864 documents4 sources

Severity

5.4MEDIUM

EPSS

0.1%

top 77.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Crosswork Network Controller Cisco Cisco Common Services Platform Collector Software Cisco Common Services Platform Collector

Timeline

PublishedJan 8

Description

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5cisco/cisco_common_services_platform_collector_software5 versions+4

▶NVDcisco/common_services_platform_collector5 versions+4

▶NVDcisco/crosswork_network_controller5.0.0 — 5.0.4+2

🔴Vulnerability Details

CVEList

Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability↗2025-01-08

▶

GHSA

GHSA-7x89-2c7c-8xjf: A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker↗2025-01-08

▶

📋Vendor Advisories

Cisco

Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities↗2025-01-08

▶