Improper Neutralization of Alternate XSS Syntax

CVE-2021-40131

Medium

5.5/10

Summary

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by adding malicious code to the configuration by using the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: CHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-87 - Improper Neutralization of Alternate XSS Syntax

The software does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax.

References

Advisory Timeline

Published Nov 19, 2021

Improper Neutralization of Alternate XSS Syntax

CVE-2021-40131

Summary

CWE-87 - Improper Neutralization of Alternate XSS Syntax

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS