Cisco Crosswork Network Controller vulnerabilities
5 known vulnerabilities affecting cisco/crosswork_network_controller.
Total CVEs
5
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2025-20168MEDIUMCVSS 5.4≥ 5.0.0, < 5.0.4≥ 6.0.0, < 6.0.3+1 more2025-01-08
CVE-2025-20168 [MEDIUM] CWE-86 CVE-2025-20168: A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (C
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an a
nvd
CVE-2025-20166MEDIUMCVSS 5.4≥ 5.0.0, < 5.0.4≥ 6.0.0, < 6.0.3+1 more2025-01-08
CVE-2025-20166 [MEDIUM] CWE-86 CVE-2025-20166: A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (C
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an a
nvd
CVE-2025-20123MEDIUMCVSS 4.8≥ 5.0.0, < 5.0.4≥ 6.0.0, < 6.0.3+1 more2025-01-08
CVE-2025-20123 [MEDIUM] CWE-79 CVE-2025-20123: Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller
Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system.
These vulnerabilities exist because the web-based management interface does not properly validate user-s
nvd
CVE-2025-20167MEDIUMCVSS 5.4≥ 5.0.0, < 5.0.4≥ 6.0.0, < 6.0.3+1 more2025-01-08
CVE-2025-20167 [MEDIUM] CWE-86 CVE-2025-20167: A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (C
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an a
nvd
CVE-2021-44228CRITICALCVSS 10.0KEVPoCfixed in 2.0.1v3.0.02021-12-10
CVE-2021-44228 [CRITICAL] CWE-20 CVE-2021-44228: Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LD
nvd