4.3

CVE-2006-3109

Exploit
Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoCall Manager Version3.3
CiscoCall Manager Version4.1
CiscoCall Manager Version4.2
CiscoCall Manager Version4.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.49% 0.96
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047015.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047019.html
http://secunia.com/advisories/20735
http://securityreason.com/securityalert/1114
http://securitytracker.com/id?1016328
Patch
Exploit
http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_security_response09186a00806c0846.html
Patch
http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+CallManager+XSS+Advisory.htm
Exploit
http://www.osvdb.org/26651
http://www.osvdb.org/26652
http://www.securityfocus.com/archive/1/437757/100/0/threaded
http://www.securityfocus.com/bid/18504
Exploit
http://www.vupen.com/english/advisories/2006/2443
https://exchange.xforce.ibmcloud.com/vulnerabilities/27225