CVE-2007-4633: XSS
First published: Fri Aug 31 2007(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco CallManager Express | =4.2\(2\) | |
| Cisco Unified Communications Manager | =4.2.3sr2 | |
| Cisco CallManager Express | =4.3\(1\)sr1 | |
| Cisco CallManager Express | =3.3\(5\)sr2 | |
| Cisco CallManager Express | =4.3\(1\) | |
| Cisco CallManager Express | =4.1\(3\)sr1 | |
| Cisco CallManager Express | =4.1 | |
| Cisco CallManager Express | =3.3\(5\)sr2a | |
| Cisco CallManager Express | =4.1\(3\)sr2 | |
| Cisco CallManager Express | =4.2 | |
| Cisco CallManager Express | =4.2\(1\) | |
| Cisco CallManager Express | =4.3 | |
| Cisco CallManager Express | =4.1\(3\)sr3 | |
| Cisco CallManager Express | =4.2\(3\)sr1 | |
| Cisco CallManager Express | =4.2\(3\) | |
| Cisco CallManager Express | =4.2\(3\)sr2 | |
| Cisco CallManager Express | =4.1\(3\)sr4 | |
| Cisco CallManager Express | =3.3\(5\)sr1 | |
| Cisco Unified Communications Manager | =4.2.3sr2b |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml
- http://www.securityfocus.com/bid/25480
- http://securitytracker.com/id?1018624
- http://secunia.com/advisories/26641
- http://www.vupen.com/english/advisories/2007/3010
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36325
Frequently Asked Questions
What is the severity of CVE-2007-4633?
CVE-2007-4633 has a medium severity rating due to its cross-site scripting vulnerabilities.
How do I fix CVE-2007-4633?
To fix CVE-2007-4633, upgrade to a patched version of Cisco CallManager or Unified Communications Manager that addresses the vulnerabilities.
What systems are affected by CVE-2007-4633?
CVE-2007-4633 affects multiple versions of Cisco CallManager and Unified Communications Manager prior to specified patches.
Can CVE-2007-4633 be exploited remotely?
Yes, CVE-2007-4633 can be exploited remotely, allowing attackers to inject arbitrary web scripts.
What are the potential impacts of CVE-2007-4633?
The potential impacts of CVE-2007-4633 include unauthorized access and manipulation of user sessions through cross-site scripting.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/weakness
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cisco
- canonical/cisco callmanager express
- version/cisco callmanager express/4.2\(2\)
- canonical/cisco unified communications manager
- version/cisco unified communications manager/4.2.3sr2
- version/cisco callmanager express/4.3\(1\)sr1
- version/cisco callmanager express/3.3\(5\)sr2
- version/cisco callmanager express/4.3\(1\)
- version/cisco callmanager express/4.1\(3\)sr1
- version/cisco callmanager express/4.1
- version/cisco callmanager express/3.3\(5\)sr2a
- version/cisco callmanager express/4.1\(3\)sr2
- version/cisco callmanager express/4.2
- version/cisco callmanager express/4.2\(1\)
- version/cisco callmanager express/4.3
- version/cisco callmanager express/4.1\(3\)sr3
- version/cisco callmanager express/4.2\(3\)sr1
- version/cisco callmanager express/4.2\(3\)
- version/cisco callmanager express/4.2\(3\)sr2
- version/cisco callmanager express/4.1\(3\)sr4
- version/cisco callmanager express/3.3\(5\)sr1
- version/cisco unified communications manager/4.2.3sr2b