Cisco Crosswork Network Change Automation vulnerabilities

CVE-2025-20123 [MEDIUM] CWE-79 CVE-2025-20123: Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system. These vulnerabilities exist because the web-based management interface does not properly validate user-s

CVE-2019-16024 [MEDIUM] CWE-79 CVE-2019-16024: A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could all A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-base