CVE-2007-2832
Cisco CallManager - Cross-Site Scripting via CCMAdmin/serverlist.asp Pattern Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-2832. PoCs published by Marc Ruef.
AI-analyzed exploit summary: The provided text describes a cross-site scripting (XSS) vulnerability in Cisco CallManager 4.1.1, where insufficient input sanitization allows attackers to inject malicious scripts via the 'pattern' parameter in the serverlist.asp page.
Description
Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.