Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the web-based management interface of Cisco Common Services Platform Collector (CSPC). This vulnerability allows an authenticated, remote attacker to conduct XSS attacks against users of the interface. The issue arises from insufficient validation of user-supplied input, enabling attackers to inject malicious code into specific pages. Exploitation could result in the execution of arbitrary scripts in the context of the affected interface or access to sensitive browser-based information. To exploit this vulnerability, an attacker must have at least a low-privileged account on the affected device.

Impact

Exploitation of this vulnerability could lead to cross-site scripting, allowing for the execution of malicious scripts in the user's browser context or the interception of sensitive information from the browser.