CVE-2007-2832: XSS
First published: Thu May 24 2007(Updated: )
Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Call Manager | =3.3\(5\)sr2 | |
| Cisco Call Manager | =4.1\(3\)es07 | |
| Cisco Call Manager | =4.1\(3\)es32 | |
| Cisco Call Manager | =4.3\(1\) | |
| Cisco Call Manager | =3.3\(5\) | |
| Cisco Call Manager | =4.1\(3\)sr1 | |
| Cisco Call Manager | =3.3\(3\)es61 | |
| Cisco Call Manager | =4.1 | |
| Cisco Call Manager | =3.3\(4\)es25 | |
| Cisco Call Manager | =3.3\(5\)es30 | |
| Cisco Call Manager | =4.1\(3\)sr2 | |
| Cisco Call Manager | =3.3 | |
| Cisco Call Manager | =4.1\(3\)sr3 | |
| Cisco Call Manager | =4.1\(2\)es55 | |
| Cisco Call Manager | =4.2\(3\)sr1 | |
| Cisco Call Manager | =4.2\(3\) | |
| Cisco Call Manager | =4.1\(2\)es33 | |
| Cisco Call Manager | =3.3\(3\) | |
| Cisco Call Manager | =3.3\(5\)sr1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://marc.info/?l=full-disclosure&m=117993122727006&w=2
- http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2977
- http://www.cisco.com/en/US/products/products_security_response09186a0080849272.html
- http://secunia.com/advisories/25377
- http://www.securityfocus.com/bid/24119
- http://www.osvdb.org/35337
- http://www.securitytracker.com/id?1018105
- http://www.vupen.com/english/advisories/2007/1922
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34465
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-historical
- collector/nvd-index
- vendor/cisco
- canonical/cisco call manager
- version/cisco call manager/3.3\(5\)sr2
- version/cisco call manager/4.1\(3\)es07
- version/cisco call manager/4.1\(3\)es32
- version/cisco call manager/4.3\(1\)
- version/cisco call manager/3.3\(5\)
- version/cisco call manager/4.1\(3\)sr1
- version/cisco call manager/3.3\(3\)es61
- version/cisco call manager/4.1
- version/cisco call manager/3.3\(4\)es25
- version/cisco call manager/3.3\(5\)es30
- version/cisco call manager/4.1\(3\)sr2
- version/cisco call manager/3.3
- version/cisco call manager/4.1\(3\)sr3
- version/cisco call manager/4.1\(2\)es55
- version/cisco call manager/4.2\(3\)sr1
- version/cisco call manager/4.2\(3\)
- version/cisco call manager/4.1\(2\)es33
- version/cisco call manager/3.3\(3\)
- version/cisco call manager/3.3\(5\)sr1