Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the web-based management interface of Cisco Common Services Platform Collector (CSPC). This vulnerability allows an authenticated, remote attacker to conduct XSS attacks against users of the interface. The issue arises from insufficient validation of user-supplied input, enabling attackers to inject malicious code into specific pages. Exploitation of this vulnerability could result in the execution of arbitrary scripts in the context of the affected interface or access to sensitive browser-based information. To exploit this vulnerability, an attacker must have at least a low-privileged account on the affected device.

Impact

Exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the affected interface or access sensitive browser-based information.