CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0CVE-2007-4633
https://notcve.org/view.php?id=CVE-2007-4633
31 Aug 2007 — Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Cisco CallManager y Unified Communications Manager (CUCM) versiones anteriores a 3.3(5)... • http://secunia.com/advisories/26641 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 31EXPL: 2CVE-2007-4634 – Cisco CallManager 4.2 / CUCM 4.2 - Logon Page 'lang' SQL Injection
https://notcve.org/view.php?id=CVE-2007-4634
31 Aug 2007 — Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265. Múltiples vulnerabilidades de inyección SQL en Cisco CallManager y Unified Communications Manager (CUCM) versiones anteriores a 3.3(5)sr2b, 4.1 versiones anteriores a 4.1(3)sr5, 4.2 vers... • https://www.exploit-db.com/exploits/30541 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 2CVE-2007-2832 – Cisco CallManager 4.1 - Search Form Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-2832
24 May 2007 — Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la aplicación web de cortafuegos de Cisco CallManager anterior a 3.3(5)sr3, 4.1 ante... • https://www.exploit-db.com/exploits/30077 •
CVSS: 6.1EPSS: 3%CPEs: 21EXPL: 5CVE-2006-3109 – Cisco CallManager 3.x/4.x - 'Web Interface 'ccmuser/logon.asp' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-3109
21 Jun 2006 — Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Cisco CallManager v3.3 anterior a v3.3(5)SR3, v4.1 anterior a v4.1(3)SR4, v4.2 anterior a ... • https://www.exploit-db.com/exploits/28062 •