Cisco Common Services Platform Collector vulnerabilities

CVE-2025-20168 [MEDIUM] CWE-86 CVE-2025-20168: A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (C A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an a

CVE-2025-20166 [MEDIUM] CWE-86 CVE-2025-20166: A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (C A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an a

CVE-2025-20167 [MEDIUM] CWE-86 CVE-2025-20167: A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (C A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an a

CVE-2022-20673 [MEDIUM] CWE-79 CVE-2022-20673: Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Col Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based mana

CVE-2022-20669 [MEDIUM] CWE-79 CVE-2022-20669: Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Col Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based mana

CVE-2022-20668 [MEDIUM] CWE-79 CVE-2022-20668: Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Col Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based mana

CVE-2022-20674 [MEDIUM] CWE-79 CVE-2022-20674: Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Col Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based mana

CVE-2022-20666 [MEDIUM] CWE-79 CVE-2022-20666: Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Col Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based mana

CVE-2022-20671 [MEDIUM] CWE-79 CVE-2022-20671: Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Col Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based mana

CVE-2022-20670 [MEDIUM] CWE-79 CVE-2022-20670: Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Col Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based mana

CVE-2022-20667 [MEDIUM] CWE-79 CVE-2022-20667: Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Col Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based mana

CVE-2022-20672 [MEDIUM] CWE-79 CVE-2022-20672: Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Col Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based mana

CVE-2021-44228 [CRITICAL] CWE-20 CVE-2021-44228: Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LD

CVE-2021-40131 [MEDIUM] CWE-87 CVE-2021-40131: A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (C A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management

CVE-2021-40130 [MEDIUM] CWE-284 CVE-2021-40130: A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allo A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit this vulnerability by configuring non-log files as s

CVE-2021-40129 [MEDIUM] CWE-89 CVE-2021-40129: A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) co A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker could exploit this vulnerability by uploading a file c

CVE-2021-34774 [MEDIUM] CWE-200 CVE-2021-34774: A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (C A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to a specific API request. An attacker co

CVE-2021-1538 [MEDIUM] CWE-78 CVE-2021-1538: A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) co A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by logging in as a super admin and entering crafted input

CVE-2019-1723 [CRITICAL] CWE-264 CVE-2019-1723: A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticate A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. This account does not have administrator privileges. The vulnerability exists because the affected software has a user account with a default, sta