CVE-2007-2832
Cisco CallManager 4.1 - Search Form Cross-Site Scripting
Public Exploits: 2
Exploited in Wild: -
Descriptions
Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.
Timeline
- 2007-05-23 CVE Reserved
- 2007-05-23 First Exploit
- 2007-05-24 CVE Published
- 2024-07-19 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
References (10)
URL | Tag | Source |
---|---|---|
http://www.osvdb.org/35337 | Vdb Entry | |
http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2977 | X_refsource_misc | |
http://www.securityfocus.com/bid/24119 | Vdb Entry | |
http://www.securitytracker.com/id?1018105 | Vdb Entry | |
http://www.vupen.com/english/advisories/2007/1922 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/34465 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/30077 | 2007-05-23 | |
http://marc.info/?l=full-disclosure&m=117993122727006&w=2 | 2024-08-07 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/25377 | 2017-07-29 |
URL | Date | SRC |
---|---|---|
http://www.cisco.com/en/US/products/products_security_response09186a0080849272.html | 2017-07-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Cisco | Call Manager | 3.3 | - | Affected |
Cisco | Call Manager | 3.3(3) | - | Affected |
Cisco | Call Manager | 3.3(3)es61 | - | Affected |
Cisco | Call Manager | 3.3(4)es25 | - | Affected |
Cisco | Call Manager | 3.3(5) | - | Affected |
Cisco | Call Manager | 3.3(5)es30 | - | Affected |
Cisco | Call Manager | 3.3(5)sr1 | - | Affected |
Cisco | Call Manager | 3.3(5)sr2 | - | Affected |
Cisco | Call Manager | 4.1 | - | Affected |
Cisco | Call Manager | 4.1(2)es33 | - | Affected |
Cisco | Call Manager | 4.1(2)es55 | - | Affected |
Cisco | Call Manager | 4.1(3)es07 | - | Affected |
Cisco | Call Manager | 4.1(3)es32 | - | Affected |
Cisco | Call Manager | 4.1(3)sr1 | - | Affected |
Cisco | Call Manager | 4.1(3)sr2 | - | Affected |
Cisco | Call Manager | 4.1(3)sr3 | - | Affected |
Cisco | Call Manager | 4.2(3) | - | Affected |
Cisco | Call Manager | 4.2(3)sr1 | - | Affected |
Cisco | Call Manager | 4.3(1) | - | Affected |