CVE-2021-40131
19.11.2021, 00:15
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by adding malicious code to the configuration by using the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information.
| Vendor | Product | Version |
|---|---|---|
| cisco | common_services_platform_collector | 𝑥 < 2.9.1.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-87 - Improper Neutralization of Alternate XSS SyntaxThe software does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax.
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.