Cross-Site Scripting Vulnerability in Cisco Common Services Platform Collector
CVE-2025-20166

5.4MEDIUM

Key Information:

Vendor

Cisco
Status
Common Services Platform Collector
Vendor
CVE Published:
8 January 2025

What is CVE-2025-20166?

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) allows authenticated remote attackers to execute cross-site scripting (XSS) attacks. This issue arises from inadequate validation of user input, permitting an attacker to inject malicious code into specific pages of the interface. A successful attack could allow the execution of arbitrary scripts in the context of the web interface, potentially exposing sensitive browser-based information. To exploit this vulnerability, an attacker requires at least a low-privilege account on the affected device. Currently, no software updates or workarounds are available to mitigate this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://sec.cloudapps.cisco.com/security/center/content/C...
https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

JSON
.