4.3
CVE-2006-3109
- EPSS 13.49%
- Veröffentlicht 21.06.2006 01:02:00
- Zuletzt bearbeitet 16.06.2026 22:26:25
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Call Manager Version3.3
Cisco ≫ Call Manager Version4.1
Cisco ≫ Call Manager Version4.2
Cisco ≫ Call Manager Version4.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 13.49% | 0.96 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047015.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047019.html
http://secunia.com/advisories/20735
http://securityreason.com/securityalert/1114
http://securitytracker.com/id?1016328
http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_security_response09186a00806c0846.html
http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+CallManager+XSS+Advisory.htm
http://www.osvdb.org/26651
http://www.osvdb.org/26652
http://www.securityfocus.com/archive/1/437757/100/0/threaded
http://www.securityfocus.com/bid/18504
http://www.vupen.com/english/advisories/2006/2443
https://exchange.xforce.ibmcloud.com/vulnerabilities/27225