Cross-Site Scripting Vulnerability in Cisco Common Services Platform Collector
CVE-2025-20166

5.4 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 8 January 2025

Summary

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) allows authenticated remote attackers to execute cross-site scripting (XSS) attacks. This issue arises from inadequate validation of user input, permitting an attacker to inject malicious code into specific pages of the interface. A successful attack could allow the execution of arbitrary scripts in the context of the web interface, potentially exposing sensitive browser-based information. To exploit this vulnerability, an attacker requires at least a low-privilege account on the affected device. Currently, no software updates or workarounds are available to mitigate this issue.


CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published
