Description
Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.
Exploits (1)
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1018105
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1922
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/35337
Vendor Advisory vendor-advisory
x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_response09186a0080849272.html
Exploit, Vendor Advisory mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=117993122727006&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34465
Various Sources x_refsource_misc
http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2977
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24119
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25377
Scores
EPSS
0.1523
EPSS Percentile
94.6%
Details
Status
published
Products (19)
cisco/call_manager
3.3
cisco/call_manager
3.3\(3\)
cisco/call_manager
3.3\(3\)es61
cisco/call_manager
3.3\(4\)es25
cisco/call_manager
3.3\(5\)
cisco/call_manager
3.3\(5\)es30
cisco/call_manager
3.3\(5\)sr1
cisco/call_manager
3.3\(5\)sr2
cisco/call_manager
4.1
cisco/call_manager
4.1\(2\)es33
... and 9 more
Published
May 24, 2007
Tracked Since
Feb 18, 2026