Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the web-based management interface of Cisco Common Services Platform Collector (CSPC). This vulnerability allows an authenticated, remote attacker to conduct XSS attacks against users of the interface. The issue arises from insufficient validation of user-supplied input, enabling attackers to inject malicious code into specific pages of the interface. Exploitation of this vulnerability could result in the execution of arbitrary script code in the context of the affected interface or access to sensitive, browser-based information. To exploit this vulnerability, an attacker must have at least a low-privileged account on an affected device.

Impact

Exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the affected user's interface or access sensitive browser-based information.