CVE-2025-20166

CVE-2025-20166

Título es
CVE-2025-20166

Mié, 08/01/2025 – 17:15

Tipo
CWE-86

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-20166

Descripción en
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.

This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device.
Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

08/01/2025
08/01/2025
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)
5.40

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-xss-CDOJZyH

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xwork-xss-KCcg7WwU

    • Enviar en el boletín
    Off

    Jose Alexis Correa Valencia

    Consultor de sistemas informáticos avanzados con más de 25 años de experiencia en el sector privado. Su carrera se ha enfocado en el análisis y diseño de sistemas, la instalación y configuración de hardware y software, así como en la administración de redes para diversas empresas. Además, ha tenido el privilegio de ser capacitador en temáticas avanzadas, especializándose en el manejo de datos en línea, la seguridad de transacciones y los multimedios.

    Ver todas las entradas